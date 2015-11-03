By Dustin Volz
| WASHINGTON
About 5 million notifications about the hack have been sent
out so far, a spokesperson for the U.S. Office of Personnel
Management (OPM) told Reuters in an email.
The slowness of the notification process underscores
Washington's struggles in dealing with its computer
vulnerabilities, a growing problem that the Obama administration
has been trying to address.
After it fell victim to two successive cyberattacks, both
begun in 2014 and revealed earlier this year, OPM was roundly
criticized by lawmakers for its response.
OPM had no immediate additional comment on the matter on
Tuesday, or on its expected notification timetable ahead.
Officials have privately blamed China for the OPM breach.
The Defense Information Systems Agency in September awarded
a $1.8 million contract to Advanced Onion, a technology firm, to
help locate and notify victims of the OPM breach, which exposed
names, addresses, Social Security numbers and other sensitive
information of current and former federal employees and
contractors. About 5.6 million fingerprints were pilfered, an
upwardly revised number from an initial estimate of 1.1 million.
The notification process for the smaller of the two
breaches, which affected 4.2 million individuals, raised alarm
when victims were asked to follow instructions online in prompts
that some said resembled phishing scams. Others complained of
long wait times with support call centers. That episode prompted
the government to pursue Advanced Onion to deal with the larger
breach, a process that took several months.
It has been six months since the larger OPM hack was
detected, and more than a year and a half since hackers first
infiltrated the agency's databanks.
In July, OPM Director Katherine Archuleta resigned amid
growing scrutiny of the agency's cybersecurity practices and its
ability to respond to the breaches.
Officials have offered three years of credit monitoring and
identify-theft monitoring services to hacked employees.
Despite the precaution, a prominent cybersecurity researcher
said on Monday there was no indication any hacked OPM data was
for sale on the black market, reaffirming the likelihood that
the hackers were working for a foreign country.
