A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?'”
There are two items I’m angry about this week; the shooting in Charleston, South Carolina and the OPM data breach for vastly different reasons. The implications of the lax security by the OPM is astounding and makes me wonder how much critical US information is open for any country to pilfer.
Source: Ars Technica