Earlier this month, it was reported that the personnel records of 4 million federal employees had been compromised in a cyber attack on the Office of Personnel Management (OPM). OPM is the US Government’s HR department. As events unfold, it now appears that this breach was much worse than first reported. The Washington Times is reporting that the breach may involve records of 32 million Americans.

Office of Personnel Management Called Before Congress

All indications are that the attack was carried out by the same Chinese team that stole records from Anthem, the health insurance company, and that this attack used the same infiltration method as the Anthem attack: spearphishing.

This unfortunate incident stands as a stark reminder that cyber security is not about computers; it is about systems of computers and people. By using spearphishing to steal credentials, the attackers become malicious users who abuse the stolen credentials.

When faced with a spearphishing attack, users will decide which emails to trust. That decision can be guesswork or it can be guided by IT using SP Guard.