Connect with us

Hi, what are you looking for?



OPM Suspends Background Check System to Patch Security Bug

The U.S. Office of Personnel Management (OPM) announced on Monday that it has temporarily suspended its Electronic Questionnaires for Investigations Processing (e-QIP) system after discovering the existence of a security bug.

The U.S. Office of Personnel Management (OPM) announced on Monday that it has temporarily suspended its Electronic Questionnaires for Investigations Processing (e-QIP) system after discovering the existence of a security bug.

Following the recent data breach, in which attackers are said to have gained access to the details of as many as 18 million federal employees, the OPM started conducting a comprehensive security review of its IT systems.

The audit revealed the existence of a vulnerability in e-QIP, a web-based system used to conduct background checks for federal security, fitness, suitability, and credentialing purposes.

According to the OPM, the temporary shutdown of the e-QIP system is not related to the recent breach; it is a proactive step taken to ensure the security of the organization’s network. There is no evidence that the security flaw uncovered during the review has been exploited, the agency said.

“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” stated OPM Director Katherine Archuleta. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”

The background investigations system will be offline for 4-6 weeks while security enhancements are put into place.

The attackers that targeted OPM are said to have gained unauthorized access to personally identifiable information (PII), records and other sensitive data belonging to millions of current, past and prospective federal employees.

Advertisement. Scroll to continue reading.

While OPM officials haven’t said anything about who is behind the attack, actors sponsored by the Chinese government have been the prime suspect from day one. China was also named the “leading suspect” by Director of National Intelligence James Clapper at a conference in Washington last week.

China is often blamed for cyberattacks against United States organizations, but the country has constantly denied any involvement. Last week, US and Chinese officials met in Washington and once again held talks on hacking.

The American Federation of Government Employees (AFGE) has filed a class action lawsuit against the OPM, its director, and its chief information officer. The complaint also names KeyPoint Government Solutions, a private contractor that handled a majority of OPM’s background checks. KeyPoint announced suffering a data breach in December 2014.

The AFGE has pointed out that the audits conducted by the OPM’s Office of Inspector General over the past years have revealed the existence of several security issues. The report published by the OIG in November 2014 revealed that the cyber security deficiencies “could potentially have national security implications.”

The AFGE said the OPM failed to take proper measures to protect sensitive information despite knowing of the KeyPoint hack and the security weaknesses that plagued its own systems.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.