“OPM has recently discovered that additional systems were compromised. These systems included those that contain information related to the background investigations of current, former, and prospective federal government employees, as well as other individuals for whom a federal background investigation was conducted,” the email sent to two different agencies and obtained by Federal News Radio stated. “This separate incident — like the one that was announced on June 4th affecting personnel information of current and former federal employees — was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture, adding numerous tools and capabilities to its network.”
The email says OPM, the Homeland Security Department and the FBI are investigating the second data breach. It also says OPM will notify current and former employees, and whoever else is impacted, as soon as they can be identified.
“You will be updated when we have more information on how and when these notifications will occur,” the email stated.
Agencies that sent out the email included either links or steps from the Federal Trade Commission for employees to consider in protecting their identities.
OPM set up a contract to provide credit monitoring services a few days before it announced the first data breach, which impacted 4 million people.
It’s unclear just how many people this second breach has impacted.
Josh Earnest, the White House spokesman, said Friday there were no new details on the ongoing investigation.
“Sometimes our investigators are reluctant to talk publicly in much detail about what exactly they have learned because it can give some helpful insight to our adversaries, frankly, about what kinds of techniques are used to investigate and mitigate and even deter these kinds of intrusions,” he said during the daily briefing at the White House. “So, I know that our investigators are, however, committed to making sure that those who have been affected by this particular intrusion are advised as soon as possible, and that they get the resources and information that they need to make sure that they can protect themselves.”
Meanwhile, CyTech Services, the company credited in some media reports with discovering the initial cyber breach during a product demonstration, released a statement confirming its role in the detection.
“CyTech was initially invited to OPM to demonstrate CyFIR Enterprise on April 21, 2015,” said Ben Cotton, CyTech’s CEO, in a press release. “Using our endpoint vulnerability assessment methodology, CyFIR quickly identified a set of unknown processes running on a limited set of endpoints. This information was immediately provided to the OPM security staff and was ultimately revealed to be malware. CyTech is unaware if the OPM security staff had previously identified these processes. CyTech Services remained on site to assist with the breach response, provided immediate assistance, and performed incident response services supporting OPM until May 1, 2015. During this time, CyTech provided on-site support at OPM to the OPM security personnel as well as representatives of the FBI and US-CERT.”