Click here to skip navigation
An official website of the United States Government.

Our Director Director's Blog

IT Security

It’s been an exciting and busy first two weeks for me as the new Acting Director of the U.S. Office of Personnel Management.  I will be regularly using this space to share the latest news about what we are doing to address one of my top priorities for OPM – our response to the recent cybersecurity incidents.  As we make progress on this front, I also will be highlighting the achievements of OPM’s dedicated team that is working every day to fulfill the agency’s mission: to recruit and develop a world-class Federal workforce.

First, this week we were able to bring back online the system that we use to process background investigation forms for Federal employees and Federal job applicants. We had shut down the e-QIP system temporarily on June 26 after we discovered a vulnerability during a comprehensive security review of OPM’s information technology systems. Even though we didn’t find any malicious activity, we took this step in order to be proactive and to fortify the system’s security controls.

Cybersecurity expertise from across the Federal and private sectors was brought to bear to remediate and test the e-QIP system.  Thanks to the hard work of OPM staff, in collaboration with our interagency partners at the Department of Homeland Security and the Office of Management and Budget, we were able to bring the system back online with enhanced security features in less than four weeks.

Second, we continue to build on our efforts to support members of the Federal family whose personal information was stolen in the cyberintrusions.  We have just added some helpful features to our online resource center at in response to feedback from users.

The website is now easier to navigate and specific information is easier to find. We’ve added a “Recent Updates” section and a “Stay Informed” feature, plus tools such as an RSS feed allowing users to get automatic alerts when new information is posted. Our agency partners and outside organizations can now place a digital badge on their own websites that will link their users to OPM’s online resource center. Please visit this website to get the most current information about the incidents and about steps individuals can take to protect themselves from cybercrime.

Being new to OPM, I recently took the agency’s IT Security and Privacy Awareness Training. The training was a good reminder that using cybersecurity best practices is a responsibility we all share and that we must remain on guard against phishing emails and other threats that are ever present in today’s digital workplace.

Even as we keep cybersecurity front and center, I am looking forward to working with our talented and hard-working team at OPM to fulfill the agency’s mission of supporting and providing exceptional service to our Federal family. We have multiple plans and programs underway to improve the hiring process for Federal jobs, to develop top-drawer training and leadership programming, and to collect and process rich data sets that lead to greater employee engagement, to name just a few. The Federal Government is counting on OPM to deliver. And I know that we will.

Learn more at 

As we at OPM and our partners across government work quickly to investigate the nature and scope of the cyberattacks that invaded our network and systems, I want to make sure that our Federal employee family knows that I continue to work each and every day to make sure that the data OPM is entrusted with protecting is secure now and for the future.

I am as concerned as our Federal workforce by these cyberintrusions, and I want employees to know we are redoubling our efforts to make sure our systems are as secure as possible. We know that our adversaries are sophisticated, well-funded, and focused. We know this because in an average month, OPM thwarts millions of attempts to break into our network.

Before I detail the work my OPM team is doing to upgrade our aging systems, to investigate the cyberintrusions, and to plan for the future, I want to make sure all Federal employees know that OPM has continued to operate with strong confidence in the security of the data it handles.

So how did we get here? In November of 2013, when the President honored me with the assignment to lead the men and women of OPM, I quickly realized that the agency’s outdated, legacy system needed to be modernized. My team got to work on the comprehensive IT Strategic Plan during my first 100 days as OPM Director. That plan clearly identified security vulnerabilities in our aging systems. We immediately began an aggressive modernization and security overhaul.

It was because of that overhaul and the tools we put in place to strengthen our cybersecurity that OPM -- working with our partners at the Department of Homeland Security and the Federal Bureau of Investigation -- was able to detect the cyberbreaches of personnel and background investigations data. That work continues, and continues aggressively. We have upgraded our network monitoring and logging capability and added firewalls that allow OPM to better filter network traffic. The remote access for our network administrators has been restricted.

On June 4, we publicly announced that we believed that the personally identifiable information (PII) of about 4 million current and former Federal employees had been compromised. Almost immediately, we began notifying those affected and they are getting access to credit monitoring and other services they may need. As the investigation has proceeded, we recently confirmed that OPM systems containing information related to the background investigations of current, former, and prospective Federal employees may have been compromised. We are working intensively to assess the scope of that attack and we will notify affected individuals as soon as possible.

Each and every day, as we work through the challenges of investigating these attacks and aggressively work on the redesign of our computer network, I am thinking about the millions of men and women who work – and who have worked – to serve the American people.

Our OPM team knows that you have entrusted your sensitive personal information to us. It is a trust we will continue to honor and one that is foremost in our minds as we do the critical work necessary to prevent, detect, and thwart future cyberattacks.

Updated Information on Recent Cybersecurity Incidents

Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. There is no indication that Heartbleed has been used against or that any personal information has ever been at risk. However, we are asking users to change their current password for e-QIP applications out of an abundance of caution to ensure the protection of your information.


Control Panel

Unexpected Error

There was an unexpected error when performing your action.

Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.