The agency at the center of the likely largest-ever government data breach announced Thursday that more than 25 million people have had their personal information stolen.
The revelation brings to a close more than a month of speculation over the total size of the breach, which included two separate intrusions at the Office of Personnel Management (OPM).
Initially, the OPM said in early June that 4.2 million current and former federal workers’ personnel files had been taken by cyber thieves. A week later, officials disclosed another, more serious, breach of the OPM’s data center that houses background investigation files on those seeking security clearances.
Ahhh, another affirmative action quota hire bites the dust. Incompetent *$&% had no right to be where she was and many people have become victims because of it.
Is this a case of lax security? Or is it a case of hackers being ahead of the curve?
Mixture of both but a bit more is on the OPM's plate.
Federal government recently spent *tens of billions* IIRC to upgrade security for Internet/online/computer systems. That most always translates into some persons making quite a lot of money (government contractors and others) for not the best work.
It doesn't matter if we are talking about business or home computer/Internet use, the basics of security are the same:
create long passwords with a mixture of numbers, characters and letters
do not have a password that spells out a noun, is a birthdate or some equally simple thing to guess
do not write passwords down/store on, in or near your device
avoid visiting certain types of websites (most notably porn)
do not click/open unfamiliar email links or files
Investigations have found federal employees, contractors and others just have a very hard time following these basic steps. One hacker gained entry into a system because the password was *PASSWORD*. In the OPM instance, a contractor lost or had his laptop stolen, and his password was contained either on the system or with the device IIRC. Hackers used that "permission" to gain entry into the system, then go deeper. Worse, because the password was legitimate and never changed (which any idiot would do when the device was stolen/lost), it was not deactivated/changed.
Granted, some of the largest billion-dollar/multinational corporations, who presumably have the best and brightest doing their security, are hacked, but it does seem as if the federal government employs/grants access to its systems to persons who have the Internet skills of a bag of rocks.
Ahhh, another affirmative action quota hire bites the dust. Incompetent *$&% had no right to be where she was and many people have become victims because of it.
Yeah I am totally sure she was the person who worked on this, and caused this vulnerability.
Yeah I am totally sure she was the person who worked on this, and caused this vulnerability.
A fish rots from the head down. While the woman may or may not have been directly responsible, blame ultimately lies with whoever is running the show.
There should have been established procedures and so forth in terms of security when a laptop or whatever device is reported stolen/lost and that should have included shutting down the password associated with said employee.
A good friend contacted her bank's telephone customer service when she noticed that, when trying to log in, windows kept popping up asking for "odd" information. CS rep told her the computer was compromised and at once shut down all Internet access to the account. Bank further instructed her by certified letter and telephone that her computer had to be "professionally" cleaned and certified virus/malware free. That information was to be placed on a notarized letter and brought to her branch in person. Then and only then (and still at the bank's discretion) would they reinstate Internet access.
This was all done but the woman still had to sign documents confirming her computer was "virus/malware free", and basically she would release/hold the bank blameless if it turned out that was not true and there were any losses.
That is how you handle things.
Federal government at all branches including the military has a long history of contractors or employees losing or having laptops/devices stolen loaded with important data including personal information of other persons. The information is rarely encrypted/password protected and in many instances the passwords are in the same case as the device. Often the theft/loss is not reported for days or weeks after the event as well.
People have and are continuing to do so. It is Obama, his administration and a few others that are trying to tamp things down. They cannot even get notification to affected individuals right because the hackers have gotten to those messages as well.
If this were fifty or so years ago at the height of the Cold War we likely would have seen a different response.
Basically the bull is out of the barn, you cannot "secure" >20 million Social Security numbers/personal data. The effects of this hack will be felt for decades.