Out-Law News 1 min. read
05 Jun 2015, 12:24 pm
The US Office of Personnel Management (OPM) said that in April it spotted that its computer systems had been subject to a cyber attack and that this may have resulted in personal data of US government employees past and present being "compromised". It has warned the people affected to be vigilant against potential identity fraud.
"Within the last year, OPM has undertaken an aggressive effort to update its cyber security posture, adding numerous tools and capabilities to its networks," the OPM said in a statement. "As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls."
"Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals whose personally identifiable information was potentially compromised in this incident," it said.
OPM said that it has "implemented additional security measures to protect the sensitive information it manages" as a result of the incident and that it is working with the US Department of Homeland Security’s US Computer Emergency Readiness Team (US-CERT) and the FBI "to determine the impact to federal personnel".
OPM performs a number of functions for the US government, including the management of government staff recruitment. It also carries out background checks on prospective employees and for security clearances across the US government, and manages retired US government workers' pension benefits.
Plans to require US businesses to notify consumers within 30 days of a breach of the security of their personal data were outlined by US president Barack Obama earlier this year.
A recent study conducted by PwC on behalf of the UK government found that 90% of large organisations and 74% of small businesses in the UK experienced a security breach in the past year.
The worst data breach incidents are costing UK businesses between £1.5 million and £3m on average through business disruption, lost sales and assets and damage to reputation, the study found.
Businesses operating in the EU will be required to be more transparent about breaches of personal data in future under planned new data protection laws.
Last month information law expert Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said businesses need more guidance from policy makers on when the requirement to report data breach incidents will be triggered.