The Office of Personnel Management (OPM) has revised its timeline on a massive data breach that exposed the personal information of 4 million Americans to foreign hackers.
Friday, OPM changed an answer to a FAQ about when the data breach first began. The revised FAQ reads, “The actual intrusions predated OPM’s discovery, but the precise timing is still a matter under investigation.”
That’s very different from the answer that appeared previously on the site. The previous answer stated unequivocally, “The intrusion occurred in December 2014.” That appears to have been a government-wide conclusion. White House spokesman Josh Earnest echoed OPM’s timeline in his June 5th press briefing saying, “based on what we know now, this intrusion into the OPM system occurred in December.”
The first sign that OPM’s timeline might be shifting took place during congressional testimony earlier this week. During an exchange between Oversight Chariman Jason Chaffetz and OPM Director Katherine Archuleta, Archuleta suggested the intrusion predated an Inspector General recommendation to shut down certain OPM computer systems. “The recommendation to close down our systems came after the adversaries were already in our network,” Archuleta said.
Archuleta was referring to an Inspector General recommendation to shut down 11 of 47 OPM computer systems which were operating without a valid security authorization in 2014. According to the OIG, that recommendation was dated September 18, 2014, three months before the hack supposedly took place in December. OPM declined the IG’s recommendation in October.
Breitbart News contacted OPM Thursday to ask about the apparent contradiction between OPM’s timeline and the Director’s congressional testimony. OPM’s communications department has not answered the central phone line over the past two days. Instead, callers were directed to send queries to a central email address. Late Friday afternoon, OPM responded with a collection of boilerplate answers, none of which responded to the questions submitted.
Those questions remain unanswered: Why did OPM state that the hack began in December? Why does OPM now claim not to know when the hack began? Did the decision to revise the timeline take place before or after Director Archuleta’s congressional testimony? Was Director Archuleta correct when she stated the “adversaries were already in our network” prior to the IG recommendation in September? And again, when and how did OPM learn this was the case?
There may be perfectly valid answers to all of these questions. So far, OPM seems to have changed their timeline in a way that makes it less clear rather than more clear. And it has done so without offering any explanation about what prompted the change.
COMMENTS
Please let us know if you're having issues with commenting.