[Infowarrior] - OPM's botched notification

Richard Forno rforno at infowarrior.org
Thu Jun 18 11:21:23 CDT 2015


Reacting to Chinese hack, the government may not have followed its own cybersecurity rules
By Lisa Rein June 18 at 6:00 AM

In responding to China’s massive hack of federal personnel data, the government may have run afoul of computer security again.

Over the last nine days, the Office of Personnel Management has sent e-mail notices to hundreds of thousands of federal employees to notify them of the breach and recommend that they click on a link to a private contractor’s Web site to sign up for credit monitoring and other protections.

But those e-mails have been met with increasing alarm by employees — along with retirees and former employees with personal data at risk — who worry that the communications may be a form of “spear phishing” used by adversaries to penetrate sensitive government computer systems.

After the Defense Department raised a red flag about the e-mails its 750,000 civilian employees were starting to receive, OPM officials said late Wednesday that the government had suspended its electronic notifications this week.

< - >

The contractor, CSID, resumed the e-mail notifications late Wednesday with a change designed to give employees more confidence that the communications are legitimate and the company’s Web site secure, Schumach said. They still have the option to click directly on a link to enroll in credit protection services, but now they can copy and paste the Web site address, https://www.csid.com/opm/, themselves, a more secure strategy.

< - >

http://www.washingtonpost.com/blogs/federal-eye/wp/2015/06/18/reacting-to-chinese-hack-the-government-may-not-have-followed-its-own-cybersecurity-rules/

--
It's better to burn out than fade away.


