Wednesday, June 17, 2015

The Office of Personnel Management gave up my personal data

To the Chinese, it appears. My name, my address, my social security number. Not only that, but my wife’s name, the names of my children and all of their social security numbers, too. They also have the names and locations of my references that I used to apply for a Top Secret clearance in 1990. All of which is now in the hands of potentially bad actors who might attempt to use that information for nefarious purposes.

The letter displayed below says that my personal information “may have” been compromised. Right. Trust me—it was compromised.

I was disappointed to say the least, but I did not panic because:

  1. Anyone who knows me knows that I am somewhat anal when it comes to system security. If you’re good enough to get through my security system you get an IP address of A Black Hole.
  2. I haven’t had a Top Secret security clearance since leaving the Department of the Army in 2006, nine years ago almost to the day. I still maintain an active Secret security clearance.

In my circle, I’m known as a white hat hacker. I’m the kind of guy who goes down the hall and checks a door knob. If it’s unlocked and there’s something valuable behind it, I alert the person responsible for securing it. I don’t wait until my black hat peers compromise, pilfer or otherwise steal that stuff of value.

But that’s what OPM has done in this case—they let the black hats walk through that door and take everything they wanted. Then they decided to tell us what “may have” transpired?

Here’s the letter I received from OPM on Monday. I’m only posting the first two pages, with certain parts blacked out.



Two things worth observing here. OPM is offering me an 18-month, no cost-to-me credit monitoring service. Please refer back to bullet No. 1 above. I already have LifeLock; and who wants to trust the lowest bidder on a government “security” contract? CSID may be great. But that’s OK—no thanks.

The second thing, and the one that bothers me the most, is that there will likely be no one held accountable for this egregious negligence. Just like the VA scandal, the IRS scandal and the disaster in Benghazi. No one in this administration pays a price for incompetence or inattention to duty. We do, however.

And that’s what it is, ladies and gentlemen: Gross negligence and incompetence. Because the people responsible for protecting my sensitive info were asleep (or drunk) at the switch, that data is now in the hands of God knows who.

Am I mad? Hell yes. Am I worried? Not even a little. I’m a low value target and I’m really hard to get to. You’re gonna have to come to the door to get anything, and if you do, you’ll be staring down the barrel of my brand new Browning tactical shotgun, loaded with buckshot.