Here is a timely warning for any top company executives who wonder how a security breach might impact them.
It might cost you your job.
Katherine Archuleta was the director of the United States Office of Personnel Management (OPM). But she isn’t any more.
That’s because a hack of OPM, blamed by some on China, saw the personal information of many millions of individuals exposed.
Initially, OPM said it had discovered that the personnel data of 4.2 million current and former Federal government employees had been stolen by hackers.
But then, with red faces, it found itself in the awkward position of admitting that the scale of the compromised data was much larger, and included background investigation records of current, former, and prospective Federal employees and contractors.
“OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants. Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.”
Late last week, Archuleta tendered her resignation to help the department “move beyond the current challenges”. President Barack Obama has accepted Archuleta’s resignation.
Archuleta isn’t the first top exec to lose her job because of a massive data breach, and she won’t be the last.
Make sure you take security seriously in your organisation, or you might find that you’re the one with your head on the chopping block.
So, they've sacrificed the head of one bureaucrat. Draw a beard on her and that makes her the scape-goatee. It is doubtful that it will do much to mitigate the incompetence of a system that is increasingly unable to provide its own security, much less the security of those it purports to serve.