This Wall Street Journal alert states that the White House played fast and loose with reality to avoid disclosing the severity of the Office of Personnel Management hack. It did this by declaring that there were two unrelated attacks so that full disclosure could be avoided:
“Obama administration officials defined the hack of Office of Personnel Management employee documents as two distinct breaches, a decision that allowed officials to initially deny millions of the government’s most sensitive employee-security records had been stolen, according to officials familiar with the matter.
FBI agents suspect China was behind the hack of OPM databases, and those hackers accessed not only personnel files but security-clearance forms, according to officials. The administration disclosed the breach of personnel files on June 4 but not the security-clearance theft, underscoring tensions within the government over what officials have described as one of the worst breaches of government data. The OPM also said it is investigating whether up to 18 million “unique” Social Security numbers were stolen as part of the cyberattack.”
It is a sad state of affairs that the White House, which is leading the drive to force full disclosure on merchants that have been hacked, has gone to great lengths to avoid doing exactly the same. As the White House now understands is that, while disclosure is important, so is the need to lock down networks and systems while collecting information that will identify the perpetrators, and all of these actions are jeopardized when the criminals are told they have been discovered and resources immediately re-assigned to gathering disclosure related data rather than managing the internal networks and systems to kick the hackers out.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the full story here