A Virginia cybersecurity firm said it discovered spyware in the Office of Personnel Management’s computer networks in April, raising questions about the government’s assertion that it detected the massive intrusion on its own.
OPM said on June 4 that hackers broke into its network, potentially compromising the personnel records of 4.2 million current and former government employees. Late Friday, the agency said the breach was much worse than it initially thought, acknowledging that hackers might have stolen volumes of security-clearance records that millions of people must file to secure jobs in national security, law enforcement, and other sensitive posts.
Several U.S. officials have said they believe the breach is linked to Chinese hackers–something Chinese officials deny–but it has remained unclear how hackers penetrated the network and who discovered the breach.
OPM officials have said they discovered the intrusion on their own, immediately taking steps to address it. But The Wall Street Journal reported last week that a Virginia firm, CyTech Services Inc., discovered the intrusion when carrying out a demonstration of security software.
CyTech officials now are detailing their role in the breach, potentially the largest theft of personnel records in history, putting the federal agency on the defensive. Congress is expected to sort through the conflicting accounts of the intrusion.
SOURCE: DAMIAN PALETTA