What happens when the very agency responsible for safeguarding government personnel data becomes the target of an unprecedented cyber attack? Join us on this riveting episode of Technology Tap as we unravel the intricacies of the infamous Office of Personnel Management (OPM) breach. I'm Professor JRod, guiding you through a special summer series episode where we dissect the 2013 cyber intrusion that compromised sensitive federal employee information. With former Navy personnel Michelle, Wesley, and Oksana shedding light on the timeline and implications, this episode offers a rare, personal glimpse into the far-reaching impact of such a breach.
Listen to Michelle recount her firsthand experience as a victim of the OPM breach and learn how hackers infiltrated the OPM's networks, remaining undetected for months. Discover the alarming vulnerabilities in governmental cybersecurity practices that led to the eventual resignation of OPM Director Katherine Archuleta. Through engaging conversations and detailed analysis, this episode emphasizes the critical need for proactive threat detection and robust data protection measures, making it an essential listen for anyone concerned with the security of personal information in our digital age.
What happens when the very agency responsible for safeguarding government personnel data becomes the target of an unprecedented cyber attack? Join us on this riveting episode of Technology Tap as we unravel the intricacies of the infamous Office of Personnel Management (OPM) breach. I'm Professor JRod, guiding you through a special summer series episode where we dissect the 2013 cyber intrusion that compromised sensitive federal employee information. With former Navy personnel Michelle, Wesley, and Oksana shedding light on the timeline and implications, this episode offers a rare, personal glimpse into the far-reaching impact of such a breach.
Listen to Michelle recount her firsthand experience as a victim of the OPM breach and learn how hackers infiltrated the OPM's networks, remaining undetected for months. Discover the alarming vulnerabilities in governmental cybersecurity practices that led to the eventual resignation of OPM Director Katherine Archuleta. Through engaging conversations and detailed analysis, this episode emphasizes the critical need for proactive threat detection and robust data protection measures, making it an essential listen for anyone concerned with the security of personal information in our digital age.
If you want to help me with my research please e-mail me. Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.com
Art By Sarah/Desmond Music by Joakim Karud Little chacha Productions
Juan Rodriguez can be reached at TikTok @ProfessorJrod ProfessorJRod@gmail.com @Prof_JRod Instagram ProfessorJRod
Speaker 1:
Thank you and welcome to technology tap. I'm professor j rod in this episode, our second episode of our summer series. Let's get into it. All right, welcome back to Technology Tap. I'm Professor J-Rod. For those of you who don't know me'm, my name is professor j rod and I am professor of cyber security, and I've been doing this podcast I don't know almost going on four years and for this summer.
Speaker 1:
Usually I don't really do a lot during the summer as far as podcasting, but I did a. Uh. Something interesting happened when I was working on my dissertation. I met someone who agreed to help me with the survey. He participated in the survey when I was doing my research and one of the things that he told me is that he has his students, instead of doing a presentation, he does it. He has them do a podcast of whatever research he asked them to do. So I thought this was a great idea and I gave my students the option of making their PowerPoint presentation into a podcast.
Speaker 1:
So this series is based on that, and so in this episode we are going to listen to Michelleelle, wesley and oscana and they're going to talk about the hack of the office of personal management breach, which personally affected michelle. Michelle is a former navy personnel and we thank you for your service. So she was actually affected by that. So it's an interesting topic because it personally affects her. So you know, let me know, listen to it, let me know what you guys think about you know, the summer series. Hopefully you like it. Hopefully you're listening to it. All right, let's take it away series. Hopefully you like it, hopefully you're listening to it.
Speaker 2:
All right, let's take it away. Welcome listeners, to Unveiling the OPM Breach. A Timeline of Intrusion In late 2013, the Office of Personnel Management, also known as OPM, experienced a significant cybersecurity breach that reverberated through government and contracted networks. What was the breach? Hackers gained unauthorized access to OPM's networks, acquiring valuable IT system manuals in late 2013. These manuals provided insights into OPM's network architecture, potentially facilitating future cyber attacks. The OPM cyber incident highlighted vulnerabilities in government cybersecurity practices and the need for enhanced data protection measures. It underscored the importance of proactive threat detection and response strategies to mitigate the risk of future breaches. Joining me are Oksana and Wes.
Speaker 3:
Thank you, Michelle. The breaches expose sensitive information about federal employees and security clearance data. This compromised data led to a public announcement of the breaches in June 2015, raising concerns about the security of government personal information.
Speaker 4:
Wow. So yeah, june 2015,. Listeners keep that date in mind. So hackers first breached the OPM and two contractors, usis and Keypoint Government Solutions, in late 2013 and early 2014. The breaches remained undetected for months, allowing intruders to access sensitive information. The breaches escalated over time, culminating in the public announcement as Oksana had mentioned in a public announcement of the breaches the data breaches in June of 2015. So imagine you're talking about the public announcement being nearly a year, year and a half later. Further investigations in May and June of 2015 revealed the extent of the breach, affecting millions of federal employees and exposing security clearance data. The breaches highlighted vulnerabilities in government cybersecurity practices and emphasized the need for enhanced data protection measures. All of this led to the OPM director, katarine Archuleta, to resign in the wake of the data breaches to resign in the wake of the data breaches.
Speaker 4:
She was under fire essentially since the revelations that millions of people's personnel data was compromised by hackers, and she actually submitted her resignation on a Friday morning and the president accepted it yeah, so just keep in mind that timeline right? So the whole thing happened, you know, began in November of 2013. And here it is July of 2015. The director is essentially forced to resign because that's how government works, right? You resign because they give you a deal. It's like they make you an offer. You can't refuse.
Speaker 1:
You can't refuse.
Speaker 4:
So it's either you resign and we'll part ways amicably or you're getting fired and then you're never going to work again in any sort of industry. So that's essentially what happened, and the reason that she was essentially let go slash resigned is because she halted a lot of the investigations into this and delayed a lot of information from going out to the public.
Speaker 2:
So the breaches expose sensitive information about federal employees and security clearance data. This compromised the data led to an announcement of the breaches in June of 2015. Again, we have to reiterate this all started in November of 2013. And we started seeing movement a year to two years later, raising concerns about the security of government personnel information. One year after the OPM data breach, what has the government learned? So a reporter by the name of Brian Naylor reported during the week that marked a year since the government first revealed that Hackett has stolen personal files of some 4 million current and former federal employees. About one month later, that number grew to more than 20 million people, including contractors, family members and others who had undergone background checks for federal Hold on.
Speaker 4:
So you mean to tell me it went from $4 million and a month later another $16 plus million. I think that number, yeah, that sounds fishy to me right? What do you guys think?
Speaker 3:
Have you been compromised?
Speaker 2:
Thank you, oksana. Actually, I was compromised. I found out that my information was part of the leak from OPM and to this day, I'm still receiving alerts that either my email, my phone number, my social security it's out there. The numbers have grown immensely throughout the years. Back in 2018, I received three notifications. In 2019, I received eight notifications notifications 2027, 2021, 8, 2022, which is just two years ago. I received 10 notifications.
Speaker 4:
Last year I received 14. And we're now in May and I've already received four notifications. You told me you've got four notifications. I've been your outreach. It's an 11-year-old breach.
Speaker 2:
Yes, and what's funny is they've all. In the beginning they only discussed two subcontractors that were breached, but within the years, I guess all of my information has leaked into other you know other places like staffing agencies. I've I've applied for a lot of uh companies and um my later has my data has been leaked, like in things, like in uh USA staffing, um wherever I got my fingerprints done Also my data was leaked, and it's not only mine but it's also my family members. So I have two children and my husband and all of our data has been leaked.
Speaker 4:
Well, that kind of makes sense to 20 million plus people, right. But the fact that in a month's time it went from 4 million, to over 20. And 11 years later. Those are old numbers. Those are old numbers, so who knows how many by now?
Speaker 2:
And that's the thing A lot of people don't know that they've been hacked.
Speaker 3:
Yes, so what about you Wes?
Speaker 4:
Well, you know, I have to say like I don't remember exactly if I've applied for jobs through OPM or USA jobs, but sounds like you know I don't get any notifications. So I'm either very, very lucky or I'm not being told that my information is out there.
Speaker 2:
You know so how, how, actually, michelle, let's get into that. How do you? Actually get notified so I was first notified that, while I was serving our country, the data had leaked. Wait a minute.
Speaker 4:
Because you're a veteran, you've got information that.
Speaker 2:
I didn't know Really. I'm going to tell you facts of how I found out.
Speaker 4:
Once.
Speaker 2:
OPM verified and found the leaks. They actually set up a lifetime monitoring, and so the company that usually gives me my alert it's called opmmyidcarecom, and if you go to that website, actually you could input some of your information and it will then tell you whether or not you've been jeopardized.
Speaker 4:
Now I'm curious Is that specific to people that have applied to jobs through OPM? I?
Speaker 2:
would I mean I'm going to look into it because I don't think I'm that lucky. So I don't know if it's exactly only OPM related, but even my email in the past. I mean, everyone has a Yahoocom account or has had one at some point, and one of my breaches were through Yahoocom.
Speaker 4:
So but when I say that it's just that I use that account with within my searching for employment, we're going to give you that information on that website again later on, just before we close, so that it stays fresh in your mind. But how about you, oksana? Have you had any breaches?
Speaker 3:
I don't think so. I haven't. I applied to jobs. She's the lucky one. She's the lucky one. I haven't applied to.
Speaker 4:
She's the lucky one she hasn't applied.
Speaker 3:
But Ukrainians can install app on their phones and in that app they have access to all information, all documents like for passport, driver license, high school diploma and they don't need to upload it individually. They can only scan a chip on their ID card and they can have access to all that. Wow.
Speaker 4:
And it's so. It's one app yeah, one scan and everything everything everything is uploaded at once, so all sorts of personal sensitive information, your emails, your birthday, your social security numbers, your driver's license.
Speaker 2:
She's a high school diploma.
Speaker 4:
Wow, she said high school diploma.
Speaker 3:
Because I have only Ukrainian high school diploma, like people who graduate from universities, like they.
Speaker 2:
That too my gosh.
Speaker 4:
Okay, so to me, right, okay. So that's you completely. One scan basically tracks your life into this one app. How vulnerable is that?
Speaker 3:
yes, so it's kind of scary yeah, I'm not sure about security, like it's defense, but it is what it is okay. Ukraine right, it's a small, small country on the other side of the world.
Speaker 4:
It is what it is. Okay. So this is Ukraine, right, it's a small, small country on the other side of the world, but this 11-year-old breach that's still affecting members today, that could be affecting me and I don't even know, is it's American? We're like a superpower, supposedly, but we can't patch this breach 11 years later. So I would say and I don't want to worry you, oksana, but I would say that you know that- one happened to you.
Speaker 4:
I be compromised or easily compromised. But yeah, I mean, think about it, right, Like that's. This is the world that we live in now. Right, it's only going to get more tech as the years roll by. We're going to try to wrap this up in a little bit. Like I said, we're going to mention to our listeners the webpage.
Speaker 2:
Basically, the OPM cybersecurity breach serves as a reminder of the ongoing challenges in safeguarding sensitive government data against evolving cyber threats.
Speaker 3:
Continued efforts are essential to strengthen cybersecurity release and protect critical information access from unauthorized access.
Speaker 4:
So, guys, thank you for joining us. We appreciate our listeners. We're going to have to do another episode in the future on what you know. Once we we're going to dissect this a little bit more and we're going to dive into what it is or how it is that these things need to get passed, because that's the field that we're in. Before we go, michelle, please one more time with the uh website so that our listeners can go on there and see what you know if they're being compromised absolutely wes, so that website is opmmy id care yes, so thank you for tuning in to unveiling the op Bridge a timeline of instruction.
Speaker 3:
Be sure to subscribe for future episodes and don't hesitate to reach out with any feedback or questions. Stay safe online and until next time.
Speaker 4:
Goodbye.
Speaker 1:
Alright, that's going to be. That's's gonna put a bow on this episode. I hope you guys like that one. I really enjoy that one. Thank you to michelle west and oscana. You guys did an absolutely banged up job on this one and we appreciate it. Until next time. This has been a Little Cha-Cha Productions. Art by Sarah, music by Joe Kim. If you want to reach me, you can email me at ProfessorJrod Jrod.