Leading the Office of Personnel Management has been the highlight of my long career in public service. The OPM family is comprised of some of the most dedicated, capable and hardworking individuals in the Federal Government. Each of them does so much in service of our country – whether it is through protecting our security by conducting background investigations; working to ensure Federal employees and their families have the best possible health coverage available; or working to assist our Federal retirees and their families in the smooth processing of their annuities.
I am so grateful to all of them.
Yesterday I informed OPM employees that I am stepping down as the Director of this remarkable agency and the remarkable people who work for it. Yesterday morning, I offered, and the President accepted, my resignation. I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.
While my team and I have accomplished much together, in particular, I’m proud of the work we have done to develop the REDI (Recruitment, Engagement, Diversity and Inclusion) initiative and our IT Strategic Plan. These efforts have transformed our ability to serve our customer agencies and ensure that the Federal Government is able to attract, hire, engage, and develop a talented and diverse Federal workforce.
I am honored to have led this organization and to have served alongside the incredible team at OPM. I have complete confidence in their ability to continue fulfill OPM’s important mission of recruiting, retaining and honoring a world-class workforce to serve the American people.
Today, we at the U.S. Office of Personnel Management (OPM) released additional information about a recent cyber incident that affected the background investigation records of current, former, and prospective Federal employees and contractors. It is critical that all of OPM’s constituents, – most importantly – those who are directly impacted by these breaches receive information in a timely, transparent, and accurate manner. As I have said before, we take these incidents extremely seriously and, accordingly, are taking a number of steps to address both our cybersecurity and our process going forward.
First, to help ensure the security and integrity of our systems and to assist with the response to recent incidents, I have brought to OPM experts in cyber security and management from both inside and outside of government. In particular, I have created a new cybersecurity advisor position and will have more information on this in the coming days. In addition, in recent weeks, we brought to OPM a team of technical experts who have spent countless hours conducting a diligent investigation and a comprehensive review of systems. Finally, because I believe it is important to hear from a variety of perspectives when addressing dynamic cybersecurity threats, I am consulting with Chief Information Officers and other leading experts from technology firms and other private companies that have experienced their own cyber incidents, to discuss the collective challenges we face and hear their advice.
Second, and as described more fully in today’s press release OPM will be providing a comprehensive suite of credit and identity theft monitoring and protection services for background investigation applicants and non-applicants whose Social Security Numbers and other sensitive information were stolen. Individualized notification packages offering these services, with further details on the incident, will be sent in the coming weeks. We will be incorporating lessons learned and feedback from stakeholders about the notification process just completed for a related cybersecurity incident.
Third, OPM believes it is important to focus on the service we provide our customers. To that end, OPM is launching new resource efforts to maintain continued contact with our constituents. OPM has established an online cybersecurity incident resource center at https://www.opm.gov/cybersecurity to offer information regarding materials, training, and useful information on best cyber practices. In the coming weeks, OPM will also open a call center to respond to inquiries and give more assistance. In the interim, individuals are encouraged to visit https://www.opm.gov/cybersecurity.
Fourth, from the beginning of my time as the Director of OPM, I have made cybersecurity a top priority and will continue to do so. OPM continues to take aggressive action to strengthen its broader cyber defenses and IT systems. To this end, in June, OPM identified 15 new steps to improve security, leverage outside expertise, modernize its systems, and ensure internal accountability in its cyber practices. These 15 steps are in addition to 23 actions already taken to strengthen cybersecurity since the beginning of my tenure at OPM. I have also initiated a comprehensive review of the security of OPM’s IT systems to identify and immediately mitigate any other vulnerabilities that may exist. That review is ongoing.
Fifth, I realize that OPM’s cyber security efforts must also come in the broader context of the government’s IT systems. The Federal government, led by the Office of Management and Budget, is taking aggressive actions to continually strengthen its cyber defenses, and all agencies are currently engaged in a 30-day cybersecurity sprint, whereby immediate steps are being taken to further protect information and assets and improve the resilience of Federal networks. OPM is fully engaged in this effort.
Finally and importantly, OPM will participate, along with our interagency Suitability and Security Performance Accountability Council partners, in a 90 day review of key questions related to information security, governance, policy, and other aspects of the security and suitability determination process, to ensure that it is conducted in the most efficient, effective and secure manner possible.
Cybersecurity incidents are unfortunately not without precedent. As the President has made clear, cybersecurity is one of the most important challenges we face as a Nation. In working together across OPM and across the Federal government, I will continue to take aggressive steps to support efforts to improve Federal cybersecurity and to develop new policies and capabilities to identify, defend against, and counter malicious cyber actors.
As our hardworking Federal workforce enjoys a much-deserved holiday weekend, I want to share a quick update on the ongoing investigation into the recent theft of information from OPM’s networks.
For those individuals whose data may have been compromised in the intrusion affecting personnel records, we are providing credit monitoring and identity protection services. My team has worked with our identity protection contractor to increase staff to handle the large volume of calls, and to dramatically reduce wait times for people seeking services. As of Friday, our average wait time was about 2 minutes with the longest wait time being about 15 minutes.
Thanks to the tireless efforts of my team at OPM and our inter-agency partners, we also have made progress in the investigation into the attacks on OPM’s background information systems. We hope to be able to share more on the scope of that intrusion next week, and in the coming weeks, we will be working hard to issue notifications to those affected.
I want you to know that I am as concerned about these incidents as you are. I share your anger that adversaries targeted OPM data. And I remain committed to improving the IT issues that have plagued OPM for decades.
One of my first priorities upon being honored with the responsibility of leading OPM was the development of a comprehensive IT strategic plan, which identified security vulnerabilities in OPM’s aging legacy systems, and, beginning in February 2014, embarked our agency on an aggressive modernization and security overhaul of our network and its systems. It was only because of OPM’s aggressive efforts to update our cybersecurity posture, adding numerous tools and capabilities to our networks, that the recent cybersecurity incidents were discovered.
I am committed to finishing the important work outlined in my Strategic IT Plan and together with our inter-agency partners, OPM will continue to evaluate and improve our security systems to make sure our sensitive data is protected to the greatest extent possible, across all of our networks.
We are living in an era where cybersecurity must be a priority in our lives at work and at home. I encourage you to take some time to learn about the ways you can help protect your own personal information. There are many helpful resources available on our website.
I’m wishing you a safe and relaxing 4th of July weekend.
As our team at OPM continues to work tirelessly to fortify our data systems with stronger security upgrades, I wanted to notify our Federal family that we have taken the e-QIP system offline temporarily. E-QIP is a web-based platform used to complete and submit background investigation forms.
I recently ordered a comprehensive review of the security of OPM IT systems. During this ongoing review, my team and our interagency partners identified a vulnerability in the e-QIP system. Out of an abundance of caution, I have asked that the system be taken offline until stronger security enhancements are implemented.
I want to be clear that we are proactively taking this action to ensure the ongoing security of our network. This decision was not in response to direct malicious activity on this network, and there was no evidence that the vulnerability was exploited by an adversary.
While we add these security enhancements to the network, we expect the e-QIP system could be offline from four to six weeks. All of us at OPM recognize and regret the impact this action will have on both users and agencies, but please know that the team is working hard to quickly implement these security upgrades so that we can resume this service as soon as it’s safe to do so. In the meantime, we will be working with our partner agencies on alternative approaches to meet the needs of our customers.
I want to personally apologize for the inconvenience, but know that we take very seriously the responsibility OPM holds in securing Federal employee data. Improving OPM’s IT security posture is the utmost priority as we work to recruit, engage, and honor America’s talented and hardworking Federal workforce.
As our investigation into the cyberintrusions and theft of information at OPM continues, I want to reassure our Federal family how seriously I take our responsibility to provide you with timely and accurate information, as well as the resources to protect you from any malicious activity that may come from these events.
For individuals who were impacted by the incident involving personnel data that we announced on June 4, OPM is offering credit monitoring services and identity theft insurance through CSID, a subcontractor to Winvale. This includes credit monitoring, as well as access to credit reports, identity theft insurance, and recovery services and the services are available immediately at no cost.
I am deeply troubled by the challenges some employees and retirees have been having while trying to take advantage of these services. I want you to know that we are working to quickly improve your experience. And we’ve made progress.
Over the past week, CSID has been increasing the number of call center employees available to answer your questions. Additionally, they are equipped with the latest list of Frequently Asked Questions to make sure everyone is getting updated and consistent information.
Wait times are also a concern. The good news is that, because CSID has been adding additional call center employees, the wait times are down significantly. A new feature has also been added giving you the option to have the center call you back when it’s your turn. This keeps you from having to wait on hold.
We know that many of the calls coming in are from people who would like to know whether they were affected. To help keep those calls from slowing down people calling with enrollment issues, a new feature was added this week. It allows individuals to self-select if they are calling to find out if they qualify for coverage or for any reason other than to enroll. Those calls are now answered by a separate team, helping to speed up your access to the call center.
I encourage you to read through our Frequently Asked Questions before calling CSID. We’re updating this page as new information becomes available, and we hope to get as many answers to your questions as we can, as quickly as possible.
Each and every day, as we investigate these attacks and aggressively work on the redesign of our computer network, we are keeping in mind the millions of men and women who have and continue to serve the American people. We honor your contributions and the trust you put in us to keep your information safe. I pledge that we will do everything we can to give you the support you need.
There was an unexpected error when performing your action.
Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.