Thank you and welcome to technology tap . I'm professor j rod in this episode , our second episode of our summer series . Let's get into it . All right , welcome back to Technology Tap . I'm Professor J-Rod .
For those of you who don't know me'm , my name is professor j rod and I am professor of cyber security , and I've been doing this podcast I don't know almost going on four years and for this summer . Usually I don't really do a lot during the summer as far as podcasting , but I did a . Uh . Something interesting happened when I was working on my dissertation .
I met someone who agreed to help me with the survey . He participated in the survey when I was doing my research and one of the things that he told me is that he has his students , instead of doing a presentation , he does it . He has them do a podcast of whatever research he asked them to do .
So I thought this was a great idea and I gave my students the option of making their PowerPoint presentation into a podcast . So this series is based on that , and so in this episode we are going to listen to Michelleelle , wesley and oscana and they're going to talk about the hack of the office of personal management breach , which personally affected michelle .
Michelle is a former navy personnel and we thank you for your service . So she was actually affected by that . So it's an interesting topic because it personally affects her . So you know , let me know , listen to it , let me know what you guys think about you know , the summer series . Hopefully you like it . Hopefully you're listening to it .
All right , let's take it away series . Hopefully you like it , hopefully you're listening to it .
All right , let's take it away . Welcome listeners , to Unveiling the OPM Breach . A Timeline of Intrusion In late 2013 , the Office of Personnel Management , also known as OPM , experienced a significant cybersecurity breach that reverberated through government and contracted networks . What was the breach ?
Hackers gained unauthorized access to OPM's networks , acquiring valuable IT system manuals in late 2013 . These manuals provided insights into OPM's network architecture , potentially facilitating future cyber attacks . The OPM cyber incident highlighted vulnerabilities in government cybersecurity practices and the need for enhanced data protection measures .
It underscored the importance of proactive threat detection and response strategies to mitigate the risk of future breaches . Joining me are Oksana and Wes .
Thank you , Michelle . The breaches expose sensitive information about federal employees and security clearance data . This compromised data led to a public announcement of the breaches in June 2015 , raising concerns about the security of government personal information .
Wow . So yeah , june 2015, . Listeners keep that date in mind . So hackers first breached the OPM and two contractors , usis and Keypoint Government Solutions , in late 2013 and early 2014 . The breaches remained undetected for months , allowing intruders to access sensitive information .
The breaches escalated over time , culminating in the public announcement as Oksana had mentioned in a public announcement of the breaches the data breaches in June of 2015 . So imagine you're talking about the public announcement being nearly a year , year and a half later .
Further investigations in May and June of 2015 revealed the extent of the breach , affecting millions of federal employees and exposing security clearance data . The breaches highlighted vulnerabilities in government cybersecurity practices and emphasized the need for enhanced data protection measures .
All of this led to the OPM director , katarine Archuleta , to resign in the wake of the data breaches to resign in the wake of the data breaches .
She was under fire essentially since the revelations that millions of people's personnel data was compromised by hackers , and she actually submitted her resignation on a Friday morning and the president accepted it yeah , so just keep in mind that timeline right ? So the whole thing happened , you know , began in November of 2013 . And here it is July of 2015 .
The director is essentially forced to resign because that's how government works , right ? You resign because they give you a deal . It's like they make you an offer . You can't refuse .
You can't refuse .
So it's either you resign and we'll part ways amicably or you're getting fired and then you're never going to work again in any sort of industry .
So that's essentially what happened , and the reason that she was essentially let go slash resigned is because she halted a lot of the investigations into this and delayed a lot of information from going out to the public .
So the breaches expose sensitive information about federal employees and security clearance data . This compromised the data led to an announcement of the breaches in June of 2015 . Again , we have to reiterate this all started in November of 2013 .
And we started seeing movement a year to two years later , raising concerns about the security of government personnel information . One year after the OPM data breach , what has the government learned ?
So a reporter by the name of Brian Naylor reported during the week that marked a year since the government first revealed that Hackett has stolen personal files of some 4 million current and former federal employees .
About one month later , that number grew to more than 20 million people , including contractors , family members and others who had undergone background checks for federal Hold on .
So you mean to tell me it went from $4 million and a month later another $16 plus million . I think that number , yeah , that sounds fishy to me right ? What do you guys think ?
Have you been compromised ?
Thank you , oksana . Actually , I was compromised . I found out that my information was part of the leak from OPM and to this day , I'm still receiving alerts that either my email , my phone number , my social security it's out there . The numbers have grown immensely throughout the years . Back in 2018 , I received three notifications .
In 2019 , I received eight notifications notifications 2027 , 2021 , 8 , 2022 , which is just two years ago . I received 10 notifications .
Last year I received 14 . And we're now in May and I've already received four notifications . You told me you've got four notifications . I've been your outreach . It's an 11-year-old breach .
Yes , and what's funny is they've all . In the beginning they only discussed two subcontractors that were breached , but within the years , I guess all of my information has leaked into other you know other places like staffing agencies .
I've I've applied for a lot of uh companies and um my later has my data has been leaked , like in things , like in uh USA staffing , um wherever I got my fingerprints done Also my data was leaked , and it's not only mine but it's also my family members . So I have two children and my husband and all of our data has been leaked .
Well , that kind of makes sense to 20 million plus people , right . But the fact that in a month's time it went from 4 million , to over 20 . And 11 years later . Those are old numbers . Those are old numbers , so who knows how many by now ?
And that's the thing A lot of people don't know that they've been hacked .
Yes , so what about you Wes ?
Well , you know , I have to say like I don't remember exactly if I've applied for jobs through OPM or USA jobs , but sounds like you know I don't get any notifications . So I'm either very , very lucky or I'm not being told that my information is out there .
You know so how , how , actually , michelle , let's get into that . How do you ? Actually get notified so I was first notified that , while I was serving our country , the data had leaked . Wait a minute .
Because you're a veteran , you've got information that .
I didn't know Really . I'm going to tell you facts of how I found out .
Once .
OPM verified and found the leaks . They actually set up a lifetime monitoring , and so the company that usually gives me my alert it's called opmmyidcarecom , and if you go to that website , actually you could input some of your information and it will then tell you whether or not you've been jeopardized .
Now I'm curious Is that specific to people that have applied to jobs through OPM ? I ?
would I mean I'm going to look into it because I don't think I'm that lucky . So I don't know if it's exactly only OPM related , but even my email in the past . I mean , everyone has a Yahoocom account or has had one at some point , and one of my breaches were through Yahoocom .
So but when I say that it's just that I use that account with within my searching for employment , we're going to give you that information on that website again later on , just before we close , so that it stays fresh in your mind . But how about you , oksana ? Have you had any breaches ?
I don't think so . I haven't . I applied to jobs . She's the lucky one . She's the lucky one . I haven't applied to .
She's the lucky one she hasn't applied .
But Ukrainians can install app on their phones and in that app they have access to all information , all documents like for passport , driver license , high school diploma and they don't need to upload it individually . They can only scan a chip on their ID card and they can have access to all that . Wow .
And it's so . It's one app yeah , one scan and everything everything everything is uploaded at once , so all sorts of personal sensitive information , your emails , your birthday , your social security numbers , your driver's license .
She's a high school diploma .
Wow , she said high school diploma .
Because I have only Ukrainian high school diploma , like people who graduate from universities , like they .
That too my gosh .
Okay , so to me , right , okay . So that's you completely . One scan basically tracks your life into this one app . How vulnerable is that ?
yes , so it's kind of scary yeah , I'm not sure about security , like it's defense , but it is what it is okay . Ukraine right , it's a small , small country on the other side of the world .
It is what it is . Okay . So this is Ukraine , right , it's a small , small country on the other side of the world , but this 11-year-old breach that's still affecting members today , that could be affecting me and I don't even know , is it's American ? We're like a superpower , supposedly , but we can't patch this breach 11 years later .
So I would say and I don't want to worry you , oksana , but I would say that you know that- one happened to you . I be compromised or easily compromised . But yeah , I mean , think about it , right , Like that's . This is the world that we live in now . Right , it's only going to get more tech as the years roll by .
We're going to try to wrap this up in a little bit . Like I said , we're going to mention to our listeners the webpage .
Basically , the OPM cybersecurity breach serves as a reminder of the ongoing challenges in safeguarding sensitive government data against evolving cyber threats .
Continued efforts are essential to strengthen cybersecurity release and protect critical information access from unauthorized access .
So , guys , thank you for joining us . We appreciate our listeners . We're going to have to do another episode in the future on what you know . Once we we're going to dissect this a little bit more and we're going to dive into what it is or how it is that these things need to get passed , because that's the field that we're in .
Before we go , michelle , please one more time with the uh website so that our listeners can go on there and see what you know if they're being compromised absolutely wes , so that website is opmmy id care yes , so thank you for tuning in to unveiling the op Bridge a timeline of instruction .
Be sure to subscribe for future episodes and don't hesitate to reach out with any feedback or questions . Stay safe online and until next time .
Goodbye .
Alright , that's going to be . That's's gonna put a bow on this episode . I hope you guys like that one . I really enjoy that one . Thank you to michelle west and oscana . You guys did an absolutely banged up job on this one and we appreciate it . Until next time . This has been a Little Cha-Cha Productions . Art by Sarah , music by Joe Kim .
If you want to reach me , you can email me at ProfessorJrod Jrod .
