The Worst Data Breach in US History

Washington, DC (PanAm) – “[H]ackers are now in possession of all personnel data for every federal employee, ever federal retiree, and up to one million former federal employees,” or so the American Federation of Government Employees claims in a letter to the director of the Office of Personnel Management (OPM).

And yet, federal officials didn’t even notice the breach; it was discovered during a product demonstration for a cybersecurity company, and the malicious technology may have been in place for over a year. I think it is no stretch to say that this was the greatest data breach in government history.

This should be shocking: every personnel file on every employee lost? The magnitude of the breach is unparalleled. Yet, the fact that it happened at all is not shocking in the slightest when one considers both the OPM’s history of ineptitude and the government’s general failure when it comes to all things technology.

Serving as the federal government’s internal human-resources department, the OMP is an agency generally hidden from the public eye. It shares many characteristics with the similarly opaque General Services Administration, an agency whose mismanagement has been the target of this column before.

The agency’s primary role is to administer the federal workforce, plain and simple. They manage the civil service, tasked with ensuring it remains merit based and doesn’t devolve into patronage. They also administer federal retiree pension payments.

Yet, in reality, this agency faces all the bureaucratic pressures of any other. As such, the merit system that it is supposed to zealously protect is weak, at best. A Government Accountability Office (GAO) report released in January found that from 2010 to 2013, between 85 and 90 percent of Senior Executive Service members scored in the two highest rating categories out of five.

No more than 0.4 percent of employees were rated lower than average. That result is absurd on its face. Can anyone realistically believe that in a world of scandal after scandal the federal government’s executives are almost universally above average?

The OPM is but one tiny part of the government’s technological quagmire. Just last week the GAO released testimony on the general failure of federal IT spending. In the past five years, the GAO has made 737 specific recommendations to improve federal IT, yet only 23 percent have been implemented. They project that such recommendations could save billions of dollars, yet regularly face resistance from the agencies.

Failed technology implementation is pervasive in the world of government. As the Cato Institute’s Chris Edwards highlights, the problems range from the environmental-monitoring satellites at the National Oceanic and Atmospheric Administration to the Department of Veterans Affairs’s scheduling software upgrade.

The OPM itself failed at automating the retirement claims, not once, not twice, but three times, spending US$231 million in the process. The best we can say is that, because of this failed automation, the OPM’s failure here may have actually stymied its current breach.

So, the OPM’s job is to do a few simple tasks, even if massive in scale. They are the epitome of federal paper-pushers, tasked with administering the civil service and benefits for the federal workforce, including pensions. A good bureaucratic body efficiently handles the task delegated to it. This should not be an unreasonable expectation for citizens to have.

Yet, on each one of the tasks assigned to the OPM, it does not live up to the expectations for any of them. Its pension administration is wasteful, bureaucratic, and literally administered by hand, in filing cabinets, in a cave in Pennsylvania.

Its guard of merit-based employment has clearly broken down, if it ever existed in the first place. GAO reports seem to make this claim about some part of the OPM every few months. The bureaucracy is not attracting or retaining young workers reliably. How they manage to do this, even with above-average unemployment among young people in recent years, is baffling. And now they’ve lost the personal data of all the employees.

The OPM is a quintessential example of bureaucracy fulfilling the stereotypes people hold of government agencies. They have systematically failed at nearly every task assigned. Yet, how to fix the problem remains a mystery. Nearly every attempt at reform has failed, and more money won’t solve the agency’s problems; it could even make them worse.

Hacker Image Source: Dennis Skley, Flickr, Creative Commons

Image Source: Dennis Skley, Flickr, Creative Commons

The best we can hope for is that the latest breach finally forces real reform, complete with the firing of top agency officials. Maybe then we can have a conversation about privatizing parts of federal personnel management, moving the risks to contractors who compete for contracts based on objective measures. It’s not great, but it can’t be worse than the OPM.

 Written by Nick Zaiac for PanAm Post.