In 2014, the US Office of Personnel Management was hacked (presumably by Chinese spies), and leaked 22,000,000+ records of Americans who’d applied for security clearance, handing over the most intimate, compromising details of their lives (the clearance process involves disclosing anything that could be used to blackmail you in the future). This didn’t come to light until 2015.
It’s still not clear how OPM got hacked, but signs point to a failure at one of its contractors, Keypoint Government Solutions, who appear to have lost control of their logins/passwords for sensitive OPM services.
In the wake of the hacks, the job of giving out security clearances has been given to a new government agency, the National Background Investigations Bureau.
NBIB is about to get started, and they’ve announced that they’re contracting out significant operations to Keypoint. Neither Keypoint nor the NBIB would comment on this arrangement.
One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack.
Earlier this month, OPM said it was awarding four contracts for “investigative fieldwork” to KeyPoint, CACI Premier Technology Inc, SCRA LLC and Securitas Critical Infrastructure Services. OPM said the four companies were the only ones to bid for the investigation contracts.
A congressional investigator noted that after OPM fired one major investigations contractor, the agency’s backlog in processing clearance investigations increased.
New U.S. ‘secret’ clearance unit hires firm linked to 2014 hacks [Mark Hosenball/Reuters]
(via Naked Capitalism)