Discontent over the Administration’s handling of the massive Office of Personnel Management data breach has already reached fever pitch among the millions of current and former federal employees put at risk. Evidently Congress is also displeased, because House Oversight Committee chairman Jason Chaffetz (R-UT) is talking about issuing subpoenas to OPM officials.
As reported by Roll Call, Chaffetz said during a C-SPAN appearance that his committee would begin holding hearings on the data breach Tuesday, and he has found OPM officials “very resistant” to testifying. “I’m prepared to issue a subpoena, if need be, to get them there.”
The full half-hour video of Chaffetz’ remarks appears below. The OPM issue is the first topic discussed.
As Roll Call characterizes his remarks, Chaffetz is critical of the Administration’s vulnerability to this hacking attack. “It’s clear we should have seen this coming a long time ago,” he said, going on to criticize the Administration for not taking the problem seriously enough.
Like the federal employees who have complained of being left to twist in the wind for months until the breach was acknowledged – and then forced to sit through days of stonewalling while officials revised their stories about how severe the penetration was, and how many people were affected – Chaffetz does not seem impressed with the transparency or vigor of the Administration’s response. He wasn’t thrilled with how the Administration generally frustrates and subverts the Freedom of Information Act, either, discussing the need to put more muscle behind the law.
Roll Call notes that Chaffetz briefly discussed the scandal surrounding the private email server maintained by former Secretary of State Hillary Clinton. He “seemed reluctant to commit to a full investigation in his panel,” possibly because Rep. Trey Gowdy’s (R-SC) Benghazi Select Committee is already digging into the Clinton affair.
ABC News reports on a major stumbling block for the OPM investigation: the activity logs necessary to precisely track the activity of intruders only go back 60 days in many cases, while the major damage from the hack occurred last December.
Information that would point to how many people inside and outside of government have been affected by the intrusion is simply lost, the head of the Department of Homeland Security’s cyber response team, Ann Barron-DiCamillo, told a group of attorneys in Washington.
“One of the things that’s difficult for us is coming up with a hard-and-fast number, especially with records that are out the door,” Barron-DiCamillo said in response to a question from ABC News.
Many government computer systems hold onto “data logs” — records that document access to files, specific user activity, system traffic and more — for up to 60 days, according to Barron-DiCamillo.
But “these events happened months ago,” she said of the OPM breach. “So a lot of the forensic evidence we need to be able to come up conclusively with those numbers [of victims] is just not there. And so the investigators have a really hard time trying to piece all that information together.”
“It’s trying to identify something that has been written over many times,” she added.
ABC’s sources support claims from other insiders that the number of people affected by the data breach is far greater than the 4.2 million officially admitted to by the government so far, although the director of Homeland Security’s U.S. Computer Emergency Readiness Team expressed some skepticism about the worst-case total of 14 million that has been floated by some sources.
The damage might extend beyond current and former government employees, and even beyond American citizens. ABC notes that “foreign contacts” and relatives of affected government employees living overseas might have been compromised, as well as military contractors.