House GOP on Oversight Committee Release Report on Year-Long Investigation into OPM Data Breaches

House Oversight and Government Reform Chairman Jason Chaffetz (R-UT) released a staff report titled, The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation, chronicling the Committee’s year-long investigation into how highly personal, highly sensitive data of millions of Americans was compromised by a foreign adversary in 2015. The report outlines findings and recommendations to help the federal government better acquire, deploy, maintain, and monitor its information technology. As a result of one the Committee’s findings, Chairman Chaffetz sent a letter to the Government Accountability Office (GAO) requesting an opinion on whether the Office of Personnel Management (OPM) violated the Anti-Deficiency Act (ADA) when it accepted services from a company without payment. Key Findings:

• The OPM data breach was preventable.
• OPM leadership failed to heed repeated recommendations from its Inspector General, failed to sufficiently respond to growing threats of sophisticated cyber attacks, and failed to prioritize resources for cybersecurity.
• Data breaches in 2014 were likely connected and possibly coordinated to the 2015 data breach.
• OPM misled the public on the extent of the damage of the breach and made false statements to Congress

Key Recommendations:

• Reprioritize federal information security efforts toward zero trust.
• Ensure agency CIOs are empowered, accountable, and competent.
• Reduce use of social security numbers by federal agencies.
• Modernize existing legacy federal information technology assets.
• Improve federal recruitment, training, and retention of federal cybersecurity specialists