Hacking of government a problem 'decades in the making'

(Reuters) — The data breach exposing the personal data of millions of federal workers reflects decades of neglect of the U.S. government’s computer systems and could have been much worse, the head of the Office of Personnel Management said on Tuesday.

Katherine Archuleta said two security breaches OPM detected in the spring were discovered and contained because of new security measures the agency has taken in the last year, according to prepared testimony.

One breach discovered in April affected personnel records and the other, detected in May, affected background investigations for current, former and prospective government employees she said.

Both intrusions occurred before the security measures were in place, but Ms. Archuleta did not specify when.

“In an average month, OPM, for example thwarts 10 million confirmed intrusion attempts targeting our network. These attacks will not stop — if anything, they will increase,” she said in testimony prepared for a hearing of the House of Representatives Committee on Oversight and Government Reform.

The Obama administration disclosed this month that hackers had stolen data on millions of current and former U.S. government employees from OPM computer systems. The White House says up to 4 million people were affected.

U.S. officials suspect the cyber attack was linked to China, but the administration has not yet publicly accused Beijing. China denies any involvement in hacking U.S. databases.

Accusations of a Chinese role in the attack could further strain ties between Washington and Beijing, and raised questions about how the United States might respond if China’s involvement were confirmed.

The annual “Strategic and Economic Dialogue” between U.S. and Chinese officials is scheduled for next week.

Officials have since acknowledged that the information stolen also includes personnel records and sensitive information on millions of people, including military and intelligence personnel and contractors, who had obtained security clearances.

The hacks came before OPM had fully implemented new security procedures that restricted remote access for network administrators and reviewed connections to outside systems through the Internet.

“I want to emphasize that cyber security issues that the government is facing is a problem that has been decades in the making, due to a lack of investment in federal IT systems and a lack of efforts in both the public and private sectors to secure our internet infrastructure,” Ms. Archuleta said.