Testifying before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta said encryption would not have helped thwart the recent hack that left four million federal employees at risk.
Speaking to Ars Technica, an OPM contractor says foreign workers had access to the system at a root level. The breach was believed to have originated in China.
One contractor “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago.”
Archuleta, having taken her post 18 months ago, said encryption was “not feasible” on the dated network her agency was operating on. She did say her office was currently working to encrypt its data.
➤ Encryption “would not have helped” at OPM, says DHS official [Ars Technica]