The US government has confirmed that records of current and former federal employees are at risk, following news that the Office of Personnel Management (OPM) suffered a series of cyberattacks. Despite reportedly beginning in late 2014, it took until April before the intrusions were detected.
Here is some expert cybersecurity input regarding the breach:
There is a changing cybercriminal landscape that the United States has been relatively slow to adapt to:
"Cyber espionage by state-sponsored actors is in fact cybercrime," said Jason Polancich, founder and chief architect at SurfWatch Labs. "China and Russia signed a no-hack agreement last month likely, in part, because one is the produce (China) and the other is the marketer (Russia) of today's cybercrime, now a world-sized cottage industry."
"Clearly, the government's approach to cybersecurity needs to be reformed, prioritized and accelerated," said Grayson Milbourne, security intelligence director at Webroot. "That the breach might have been carried out by the Chinese does not absolve the OPM of blame. The issue here is the government's technological failings and what it should be doing to prevent future attacks."
Of course, China - which could be behind the attacks - is taking a diplomatic approach to rejecting responsibility: "Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify," said a spokesman from the Chinese Embassy in Washington, D.C. "Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive."