One Year After OPM Data Breach, What Has The Government Learned? : All Tech Considered A year ago, the government said the personal information of millions of employees and others was stolen by hackers. Federal officials say they've boosted cybersecurity, but there's more work to do.
NPR logo

One Year After OPM Data Breach, What Has The Government Learned?

  • Download
  • <iframe src="https://www.npr.org/player/embed/480968999/480989123" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
One Year After OPM Data Breach, What Has The Government Learned?

One Year After OPM Data Breach, What Has The Government Learned?

  • Download
  • <iframe src="https://www.npr.org/player/embed/480968999/480989123" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

ROBERT SIEGEL, HOST:

It's been a year since the U.S. government admitted that hackers had broken into a computer system that stores some of the most sensitive government data - the names, Social Security numbers, addresses and other information about millions of people who hold government security clearances or had applied for them.

In this week's All Tech Considered, we look at what's happened to the government and the victims since.

(SOUNDBITE OF MUSIC)

SIEGEL: The agency responsible for keeping those records - the Office of Personnel Management - has made changes. But as NPR's Brian Naylor reports, things have been tough for some of the federal workers affected by the breach.

BRIAN NAYLOR, BYLINE: The news headlines last June were pretty dramatic.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #1: The breach into the Office of Personnel Management.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #2: A massive...

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #3: Massive...

(SOUNDBITE OF ARCHIVED RECORDING)

LESTER HOLT: Massive hacking attack that compromised data on over 21 million Americans.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #4: Really remarkable in its size and its scope.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #5: Worse than they previously thought.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER #6: The experts tell us this is just...

NAYLOR: That was then. Now...

BETH COBERT: There's a whole series of things around technology, around people and around process that are different today than a year ago.

NAYLOR: That's Beth Cobert. She's the acting director of OPM, and she's one of the changes at the agency replacing Katherine Archuleta who resigned under pressure from Congress last July. Cobert says cybersecurity has been amped up under her watch.

COBERT: We have two factor authentication to access the network. That means you need a card as well as a password to log onto your computer. We can see all the devices that are connected to a network at any time. When we see data leaving the network that we think is suspicious, we can catch it. We've got tools that detect malware, so there's a whole series of multilayer defense as we put into our systems.

NAYLOR: Cobert says government workers can't even check their Gmail accounts from their office computers any longer. The Department of Defense and Homeland Security have been helping OPM design a new more secure software system to allow the agency to conduct government background checks rather than contracting them out.

Republican Congressman Will Hurd of Texas is a former CIA agent whose personnel records were among those hacked. He says OPM is moving in the right direction under Cobert. But Hurd says there are still lots of vulnerabilities across government.

WILL HURD: Whether it's Department of Education that has tons of information on anyone who's going to school to Social Security Administration that has information on every single American, I've seen that they're not even adopting some of the best practices when it comes to good digital system hygiene.

NAYLOR: It took OPM some six months to formally notify the millions who had their records breached. They're eligible for three years of credit monitoring and identity theft protection services. Hurd says he personally hasn't noticed any ill effects from the stolen records.

Ryan Lozar thinks he has. The former federal court clerk says he froze his bank accounts after someone spent thousands at Best Buy in his name and opened a PayPal account.

RYAN LOZAR: It turns into this endless explaining - and really, like, they're treating me as someone who has been rejected as having bad credit even though it's a freeze. And it's just exhausting and frustrating.

NAYLOR: Lozar is a plaintiff in a class-action suit filed against the government by the American Federation of Government employees. Among other things, it seeks monetary damages and lifetime credit monitoring and identity theft protection for the affected people. A hearing is expected this fall. Government officials have pointed to China as being behind the breach. Acting OPM director Cobert acknowledges that whoever it is, the U.S. government still has work to do.

COBERT: There's a whole set of adversaries out in the world who keep looking for bad things, and we've got to fundamentally modernize our systems to build in security by design.

NAYLOR: But, she says, the government has made significant strides in the last 12 months when it comes to protecting its data. Brian Naylor, NPR News, Washington.

Copyright © 2016 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

All Tech Considered

All Tech Considered

Tech, Culture and Connection

About