Reacting to Chinese hack, the government may not have followed its own cybersecurity rules
In responding to China’s massive hack of federal personnel data, the government may have run afoul of computer security again. Over the last nine days, the Office of Personnel Management has sent e-mail notices to hundreds of thousands of federal employees to notify them of the breach and recommend that they click on a link to a private contractor’s Web site to sign up for credit monitoring and other protections. But those e-mails have been met with increasing alarm by employees -- along with retirees and former employees with personal data at risk -- who worry that the communications may be a form of “spear phishing” used by adversaries to penetrate sensitive government computer systems.
After the Defense Department raised a red flag about the e-mails its 750,000 civilian employees were starting to receive, OPM officials said that the government had suspended its electronic notifications. “We’ve seen such distrust and concerns about phishing,” OPM spokesman Sam Schumach acknowledged, describing the feedback from many of the 4.2 million current and former employees who are being notified that personnel files containing their Social Security numbers, addresses and other personal information may have been stolen. Computer experts said the personnel agency -- already under fire from lawmakers from both parties for failing to protect sensitive databases from hackers -- could be putting federal systems in jeopardy again by asking employees to click on links in the e-mails.