Last week, the Office of Personnel Management (OPM) announced that “sensitive information” on 21.5 million personnel was stolen from their systems.
Today, OPM announced additional information about the recent cyber incident Learn more: http://t.co/YrWkqJKyYO. pic.twitter.com/46pLmaWMxJ
— Beth Cobert (@CobertFormerOPM) July 9, 2015
Soon after this “enormous breach” (so said FBI director James Comey) was announced, OPM Director Katherine Archuleta resigned and Beth Cobert stepped up as a temporary replacement.
#OPM director Katherine Archuleta's resignation statement: http://t.co/iu6sp1pXc6
— GovLoop (@GovLoop) July 10, 2015
As the U.S. government begins to deal with this massive cybersecurity breach, many have taken to Twitter to share their feelings, ideas, conspiracy theories, and even some gallows humor.
(Disclaimer: These tweets are short takes of people’s thoughts, often written quickly, sometimes emotionally. They do not reflect the opinions of the author or GovLoop.)
Damian Paletta, national security and intelligence reporter at the Wall Street Journal, struck the right level of alarm.
Hackers likely stole EVERY SINGLE background investigation form completed by OPM since 2000. Every single one.
— Damian Paletta (@damianpaletta) July 9, 2015
Security experts, pundits, and armchair technologists are weighing in on what the U.S. government and its employees should do next.
The gov't needs to fix its own cybersecurity before proposing bad "solutions" like CISA. https://t.co/iuL6EdZJ0V pic.twitter.com/78hZbras4Z
— EFF (@EFF) July 13, 2015
Largest federal employee union sues over OPM hack http://t.co/0wR6amwRNA
— National Journal (@nationaljournal) July 1, 2015
Hey you 21,499,999 former coworkers of mine. Wonder what we should do now? https://t.co/ac4cHHvHk1
— Maria Streshinsky (@Mstreshinsky) July 9, 2015
More than a week before, after announcing a smaller but still severe hack, the OPM took some action by shutting down its database and moving its security clearance process to paper.
Out of an abundance of caution, OPM has temporarily taken our background investigation system (e-QIP) offline: http://t.co/8mHxWECVan
— U.S. Office of Personnel Management (@USOPM) June 29, 2015
This move got blowback, both before and after the OPM released the updated number of those affected by the hack.
https://twitter.com/Duranni1/status/618773670878703616
Reading @GovExec: OPM's Return to Paper Security Clearance Processing Roils Contractors, Lawmakers http://t.co/rvRJ08Px7n #OPMhack
— cdorobek (@cdorobek) July 7, 2015
https://twitter.com/MrBryanRuby/status/618579562843217921
The back-to-paper idea had been floated before people knew the true scale of the hack, though with a twist.
Maybe now people will see the wisdom of keeping OPM's federal retirement records on paper, inside a series of caves. http://t.co/SqJAUoPk1W
— David Fahrenthold (@Fahrenthold) June 5, 2015
As OPM officials referred to it as a “cybersecurity incident” or sometimes a “data exfiltration,” people and the media debated what the OPM problem should be called.
Mark Knoller, CBS News White House Correspondent, pointed out the OPM’s phrase of choice and got a lot of responses.
@markknoller @USOPM That's an Orwellian construct. "Exfilration" is when you get people out of harm. This was *theft*.
— Ed Morrissey (@EdMorrissey) July 10, 2015
@markknoller for what it's worth, that's the proper terminology. We use it in security consulting/testing.
— Ben Ten (0xA) (@Ben0xA) July 13, 2015
The naming debate had been brewing for a while.
Call it a “data rupture”: Hack hitting OPM affects 21.5 million http://t.co/GbJdY4U9Nd by @dangoodin001
— Ars Technica (@arstechnica) July 9, 2015
why "data breach" is too polite for describing what actually happened at OPM, by @jcbackus https://t.co/vlaXeOhXXt pic.twitter.com/xZlp8n8BB3
— Sarah G McBride (@mcbridesg) July 2, 2015
No matter what you call it, the OPM data breach/incident/hack/leak/rupture/intrusion/exfiltration/disaster has emotions running high.
When I remember everything I disclosed on those forms. . . I think I'm in the pissed off stage of this process. #OPMHack #1of21million
— Juliette Kayyem (@juliettekayyem) July 10, 2015
OPM got hacked and all I got was this stupid e-mail http://t.co/ZKxx92alWW by @drgitlin
— Ars Technica (@arstechnica) July 11, 2015
Amidst the unsettling news, folks did get a little stress release from laughter.
Hoping for a little more respect on my next visit to China, now that they can see from my OPM records how promptly I pay my cable bill.
— David Frum (@davidfrum) July 9, 2015
#OPMHack:
M: they have your name & address
Tu: & your SSN
W: & your moms SSN
Th: & your fingerprints
F: But not your DNA!
S: Ok your DNA too— PoIiMath (@politicalmath) July 9, 2015
Twitter being part of the internet, cat jokes definitely made an appearance.
https://twitter.com/Popehat/status/619545000817233920
https://twitter.com/attackerman/status/619547216609419264
https://twitter.com/modernscientist/status/619628634014392320/photo/1
Lauren Girardin is a marketing and communications consultant, writer, and trainer. Find her on Twitter at @girardinl.
The data should have been encrypted. This is a serious issue and the wrong person at OPM left over this.
Thanks for sharing your thoughts, David. My hope is that agencies learn from this crisis, and quickly!