A US government bureau set up to conduct “secret” and “top secret” security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, US officials said on Friday.
Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB), a semi-autonomous entity within the US Office of Personnel Management (OPM), came ahead of the bureau’s official opening scheduled for next week. Its creation was spurred, in part, by the same hacks of OPM that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information.
- The Royal Opera House Reopens After Decades Of Neglect: Here’s A Quick Tour
- Tata Sons Rubbishes Cyrus Mistry’s Allegations: Here’s What Happened
- Pakistan High Commissioner denies allegations leveled on his staffer for espionage activities
- Odisha: Villagers Refuse To Cremate Dalit Woman’s Body
- Here’s What Farhan Akhtar Said On Karan Johar-MNS ‘Deal’ Over Ae Dil Hai Mushkil’s Release
- Government’s Diwali Gift to Central Government Employees, Pensioners
- Bigg Boss 10 26th October Review: This Episode Is All About Fights
- New Zealand Beat India By 19 Runs In Ranchi; Series Levelled At 2-2
- DND Toll-Free: Noida Toll Company Moves Supreme Court Against Allahabad High Court
- British PM Theresa May Says Kashmir Is A Matter For India, Pakistan To Sort Out
- J&K: Students Suffer As Schools Along LOC Forced To Shut Amid Firing
- Jayalalithaa’s Health: AIADMK Women Supporters Continue Special Prayers For CM
- HTC Desire 10 Lifestyle First Look Video
- Fissures Remain Within Samajwadi Party: All You Need To Know
- Big Cheer For Delhi-Noida Commuters, DND Flyway Becomes Toll Free
KeyPoint representatives did not respond to requests for comment sent by email and left on the company CEO’s voice-mail. OPM spokesman Samuel Schumach said the agency has acknowledged in public statements and in congressional testimony that a KeyPoint contractor’s stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches.
Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators. Schumach said the agency has taken steps to improve security. “OPM has incorporated enhanced security language into our contracts including KeyPoint Government Solutions (KGS),” he said in a statement.
“Additionally, OPM has implemented several technical controls on our network which include multiple layers of inspection and controlled connection points prior to authorizing contractors such as KGS to connect to our network and systems,” Schumach said. “The combination of the contract language and technical controls has significantly improved OPM’s capability to monitor all of our contractors for compliance with all security requirements and mitigate risk to our systems and data,” Schumach said.
OPM Director Katherine Archuleta resigned in mid-2015 amid scrutiny of the agency’s cyber security practices. US officials have privately blamed China for the hacking. Beijing has denied the allegations, and China’s state news agency has said the breach was carried out by a criminal enterprise.
KeyPoint was one of the four companies hired by the new NBIB to conduct field interviews for security clearance investigations, OPM and officials said earlier in September. One US official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack.
Earlier this month, OPM said it was awarding four contracts for “investigative fieldwork” to KeyPoint, CACI Premier Technology Inc, SCRA LLC and Securitas Critical Infrastructure Services. OPM said the four companies were the only ones to bid for the investigation contracts.