US Government Disables Personnel System Over Security Fears

The US government personnel agency recently targeted by a major hack said it has taken a web-based system offline after a security vulnerability was discovered.

The Office of Personnel Management (OPM) said the e-QIP system, a web-based platform for completing and submitting background investigation forms, was likely to remain offline for four to six weeks while security repairs were implemented.

‘Proactive’ step

“The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited,” the OPM said in a statement. “OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.”

The organisation disclosed earlier this month that it had been targeted by an attack that resulted in the theft of millions of records containing detailed personal information on prospective, current and former US government employees.

Following the incident the OPM and its partners began carrying out a review of its IT systems, and the e-QIP bug was discovered during this review, the agency said.

The OPM said it would work with its partners on alternatives to e-QIP while the system was offline.

Security ‘priority’

“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” said OPM director Katherine Archuleta in a statement. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”

A top US intelligence official last week named China as the top suspect in the hack. China has said it was not involved.

Investigators had previously said that forensic evidence linked the OPM attack to other incidents thought to have been sponsored by China.

Are you a security pro? Try our quiz!