Lack of Transparency in the OPM Hack
The government's handling of the Office of Personnel Management breach has come under fire. Critics say the severity of the attack has been downplayed at every step. Here is a list of complaints in disclosing facts about the hack.
- It was reported on June 4 that personnel files had been compromised, though nobody mentioned the theft of security clearance files.
- The theft of the security clearance files was reported the following week, though it's been revealed that this was known earlier.
- OPM officials denied the theft of the security clearance files prior to June 4 in an interview with the Wall Street Journal.
- On June 5, the OPM claimed there was no evidence that any information was stolen that wouldn't be found in a normal personnel file, though they already knew otherwise.
- That same day, Janet Napolitano, former head of the Department of Homeland Security and current University of California System President, sent a letter to university officials to notify them that anyone with security clearance, possibly including people who hadn't actually worked for the federal government, might be victims of the hack.
- Behind the scenes people said that the White House and the OPM agreed to handle the cyberattack as two separate breaches, which let them initially report that only around four million people had been affected instead of 18 million.
- It wasn't until four days later that the security clearance forms had also been stolen.
- There's debate over whether OPM Director Katherine Archuleta purposely downplayed the 18 million number, saying she wasn't sure where that figure came from and referring only to the initial four million report. The FBI later said that the 18 million figure came from the OPM, suggesting that she should have known the context of the number. To her credit, she did say the number might grow.