House Science, Space, and Technology Committee Chairman Lamar Smith (R-TX) recently sought documents related to an Office of Personnel Management (OPM) data breach that could have exposed information to foreign nationals.
Smith requested the information in letters to Office of Management and Budget (OMB) Director Shaun Donovan and acting OPM Director Beth Cobert.
“The identification of foreign nations as one of the most serious cyber threats to agencies underscores concerns that were raised after last year’s OPM breach over the potential access to OPM’s sensitive data by foreign nationals,” Smith wrote. “According to news reports at the time, it appears that some of OPM’s contractors may have given ‘foreign governments direct access to data long before the recent reported breaches.’ In one instance, an administrator for the project was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root.”
The Government Accountability Office (GAO) released a report last month that found that OPM was among “the 18 agencies having high-impact systems identified cyber attacks from ‘nations’ as the most serious and most frequently-occurring threat to the security of their systems.”
“Additionally, a different team working on the database was led by two employees with passports from the People’s Republic of China,” Smith said. “In other words, an agency that identifies foreign nations as the source of the most serious and frequently occurring threat, either failed to realize that foreign nationals had access to its database, or knew it and failed to correct the situation.”
Smith requested information from the OPM, which was involved in the data breach, and the OBM, which has statutory oversight of OPM compliance with federal cybersecurity standards.