US Government Agency Thwarts Hackers 10 Million Times per Month
That attack reflected decades of neglect of government computer systems and could have been much worse, Archuleta said.
U.S. officials suspect the cyber-attack was linked to China but the administration has not yet publicly accused Beijing. China denies any involvement in hacking U.S. databases.
“In an average month, OPM … thwarts 10 million confirmed intrusion attempts targeting our network. These attacks will not stop. If anything, they will increase,” she told the House Committee on Oversight and Government Reform.
Archuleta said two security breaches OPM detected this spring were discovered and contained because of new security measures taken in the last year.
One breach discovered in April affected personnel records and the other, detected in May, affected background investigations for current, former and prospective government employees, she said.
Archuleta said 4.2 million employees were affected by the OPM hack discovered in April, but refused to say how many people had been affected in the other attack. She also refused, despite repeated questions, to say how many years’ worth of records had been affected.
Archuleta described security measures her agency had taken to encrypt personal data.
“It didn’t work. So you failed. You failed utterly and totally,” scolded Republican Representative Jason Chaffetz, the committee chairman.
The committee’s top Democrat, Elijah Cummings, said he was concerned about how many people were affected by the breach, what the government was doing to help them and what foreign governments could do with the information that was accessed.
But he warned details of the investigation would not become public: “A lot of the information about the attack is classified and the last thing we want to do is give our enemies information.”
Both intrusions occurred before the security measures were in place, but Archuleta did not specify when. The hearing was the first in Congress since the OPM hack was disclosed earlier this month.
Accusations of a Chinese role in the hacking could further strain ties between Washington and Beijing, and raised questions about how the United States might respond if China’s involvement were confirmed.
The annual “Strategic and Economic Dialogue” between U.S. and Chinese officials is scheduled for next week.