The Office of Personnel Management confirmed Thursday afternoon that more than 48,000 federal employees may be at risk after a background check contractor’s network was breached.
OPM spokeswoman Nathaly Arriola confirmed in an email to FedScoop that KeyPoint Government Solutions, a Fairfax, Virginia-based company contracting for the agency, faced a cybersecurity breach of a network containing information on federal employees. OPM plans to notify 48,439 individuals Thursday who may be at risk and will offer them free credit monitoring services.
“We take very seriously our responsibility to protect sensitive data in background investigations, and our top priority is to make sure the networks that handle that data are secure,” Arriola wrote. “KeyPoint has worked closely with OPM to implement additional security controls that will afford its network greater protection.”
FedScoop obtained an internal email sent by OPM Chief Information Officer Donna Seymour to the agency’s employees explaining how her office was reacting to the breach.
“We have worked closely with technical experts at the Department of Homeland Security to investigate this incident, and while we found no conclusive evidence that PII was taken by the intruder, OPM has elected to conduct these notifications and offer credit monitoring to affected individuals out of an abundance of caution,” Seymour wrote. She said the less than 50 OPM employees at risk in the breach, as well as the thousands more around the government, should receive a notification shortly.
“Following the discovery of the problem, KeyPoint implemented numerous controls to strengthen the security of its network,” Seymour wrote. “The immediacy with which KeyPoint was able to remediate vulnerabilities has allowed us to continue to conduct business with the company without interruption.”
That differs somewhat from an otherwise similar network breach in August of Falls Church, Virginia-based USIS, which led to the compromise of personal information on more than 25,000 federal employees. OPM immediately ceased all “field investigative work with USIS,” OPM communications director Jackie Koszczuk told FedScoop then. Just over a month later, OPM ended its contract with USIS.