In early June, U.S. government officials admitted that there had been a data breach into federal computers, whereby employees’ personal information was possibly leaked — but officials conveniently neglected to admit that security-clearance information had been stolen as well, making it one of the largest thefts of government records.
It was clear right from the start that this wouldn’t be an easy story to untangle — and in the past month, it has only become more complicated.
The problem began back in April, when agents at the Federal Bureau of Investigation (FBI) discovered a breach in the computer system at the Office of Personnel Management (OPM); agents suspected that China was behind the breach, wherein everything from personal records to security-clearance forms were stolen. (The Chinese government has since denied any involvement in the scandal.)
News broke early in June that there had been a breach of personnel files, the Wall Street Journal reported. After responding in the only reasonable way following a digital security problem — i.e., sending out an email to everyone that was likely affected by the breach — the government waited a week before admitting that sensitive documents regarding national security matters had been stolen as well.
Authorities have since admitted that as many as 18 million Social Security numbers were stolen, making this incident very much unlike the data breaches faced by about 43% of U.S. businesses each year.
But now that security-level information is involved, many Americans are asking who should be held liable for this grave mistake.
The answer? According to OPM Director Katherine Archuleta, it certainly isn’t anyone at her agency.
USA Today reports that House Oversight Committee Chairman Jason Chaffetz, along with other lawmakers, have called on Archuleta to resign, and the Washington Post states that multiple members of Congress have criticized OPM for “failing to respond to prior reports from the inspector general warning of vulnerabilities in its computer systems.”
Authorities are likely experiencing a bit of déjà vu at the moment: Archuleta “repeatedly pointed to an ongoing [security] upgrade project,” which was implemented after the government’s computer system was hacked in March 2014 — when government officials, unsurprisingly, waited months before telling the public.
It would now seem that no organization was behind the attack and no organization involved in the attack should be considered negligent and responsible, so all that remains is to figure out who will have to pay for it (hint: American taxpayers).