Issues for the American OPM (Office of Personnel Management) aren’t easing up. The OPM said on Monday it had shut down a website utilized for personal investigations after a vulnerability was found in the Web-based application.
Office of Personnel Management officials expressed Congress they supposed their networks were safe, however on Monday the OPM announced it had found a “vulnerability” in the contextual investigation network, which is named e-QIP (Electronic Questionnaires for Investigations Processing). A spokesperson from OPM said e-QIP won’t accept new apps for 4 to 6 weeks.
The OPM said in a statement that there was no proof the vulnerability had been misused.
However the step amounts to an implied admission the online submission network is vulnerable, and few agencies are thinking to switch more old school procedure of submitting information on paper, as per stated by sources linked with the concern who are illicit to speak in public about it.
The vulnerability in the system is reportedly not connected to the hack of the OPM’s networks, which might have leaked up to 18 million persons’ private information. The data includes everything from data of birth and SNN to records of proceedings, clearance adjudications and lot more.
A statement from OPM reads, “The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.”
OPM’s statement didn’t clarify the type of vulnerability, however OPM’s press secretary, Samuel Schumach, said, “Everyone concurred that vulnerability posed a significant risk that warranted immediate action.” The agency said the website will be shut down for next 4 to 6 weeks, and that will be the reason behind delaying the background investigations process in upcoming days.
The online system is developed to gather huge amount of private data, such as financial accounts, relatives’ information and under processes federal checks. Workers sign in through their SSNs.
Armstrong Teasdale’s head of the security approval practice, Brian Kaveney, said the step would have worst results for organizations looking for security clearances for their workers, composting a logjam produced by compulsory budget cuts earlier in 2013.
In an interview Kaveney said, “This security measure will doubtlessly increase the processing time of clearance applications and potentially create a backlog, slowing business efforts to deliver classified goods and services to the federal government.”
He added, “Several federal agencies have worked incredibly hard to reduce the backlog caused by 2013’s budget sequestration and other issues, and now we may be facing a similar slowdown caused by security problems.”
The attackers are supposed to have retrieved the private data of 4.2 million former and current government workers, however they similarly could have stolen the SNNs of 18 million US citizens who have experienced background investigations for private federal jobs.
In case the agency stops handling these documents online, it could depend on the submission of old school paperwork, a procedure that would slow these investigations.