US personnel agency takes system offline after security flaw detected

The agency has suffered two major hacks in recent months

sec vulnerability lock bolt
Credit: Shutterstock

Problems for the U.S. Office of Personnel Management aren't letting up. The government agency said Monday it had suspended a system used for background checks after a security flaw was discovered in the Web-based app.

The agency said there's no evidence the system was hacked. It discovered the vulnerability during a review of its IT systems, it said, which is being carried out in the wake of at least two serious security breaches.

Still, it's a big inconvenience. The system, called E-QIP, is used by multiple agencies to carry out background checks on potential new hires, and it will be offline for four to six weeks, the OPM said.

"The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited," the agency said, calling the decision to take E-QIP offline a proactive measure to ensure 'the ongoing security of its network."

The OPM has been hit by at least two major breaches. One, reported earlier this month, is feared to have resulted in the theft of personnel records of millions of current and former government employees.

A second breach was apparently carried out by hackers with connections to China and targeted a database containing copies of a 120-page questionnaire that's used by people seeking a national security clearance.

The Chinese government has denied the accusations.

The OPM essentially serves as the government's human resources department and handles functions like hiring and retaining staff and running background checks.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.