The U.S. Office of Personnel Management (OPM) is an independent agency of the U.S. government that assists other federal agencies in hiring new employees, conducting background check investigations, and managing pension benefits for retired federal employees and their families. The agency maintains data on millions of federal government employees, retirees, contractors, and prospective employees. These data were recently compromised in two separate but related data breaches at the OPM, raising concerns not only about potential identity theft and blackmail but also about the possible use of that data in intelligence operations launched against the United States. Early in 2015, OPM discovered that the personnel data (full name, birth date, home address, and Social Security numbers) of 4.2 million current and former federal government employees had been stolen. Then, in June 2015, OPM announced that the background investigation records of 21.5 million current, former, and prospective federal employees and contractors had been stolen as the result of a second data breach. During a hearing in front of the House Oversight and Reform Committee shortly after the second breach was announced, OPM's Chief Information Officer Donna Seymour acknowledged that the information compromised in the data breach included "SF-86 data as well as clearance adjudication information." Current and prospective federal employees and service members who require a security clearance must complete the SF-86, a 127-page questionnaire, which asks for information about family members, friends, employment history, foreign travel, interactions with foreign nationals, details on alcohol and drug use, mental illness, credit ratings, bankruptcies, arrest records, and court actions. The document also includes information from record checks with local law enforcement where the individual lived, worked, or went to school during the previous 10 years. Adjudication information includes additional personal information that is gathered for all "persons being considered for initial or continued eligibility for access to classified information." The information is obtained through personal interviews not only with the applicant but also with educators, employers, neighbors, references, roommates, significant others, and spouses of the applicant. Adjudication information can include revelations about past sexual behavior, personal debt, specific reasons for a divorce, and information about a history of addictions, among other details. The adjudication data that were breached at the OPM also included actual fingerprint data for more than 5.6 million people. The claims of the plaintiff in the AFGE lawsuit are likely to be bolstered in part by finding in a report from the U.S. House of Representatives' Committee on Oversight and Government Reform, which indicates that OPM did not follow rudimentary cybersecurity recommendations that could have mitigated or even prevented the attacks. According to the report, the OPM data breaches were made worse by the agency's careless security culture and ineffective leadership, which failed to employ readily available tools that could have stopped or mitigated the intrusions. The report also pointed out that the OPM had failed to act on repeated inspector general reports as far back as 2005 that warned of cybersecurity shortcomings. OPM director Katherine Archuleta resigned a month after the breaches were announced in response to pressure from House Oversight and Government Reform Committee Chairman Jason Chaffetz. In February 2016, Donna Seymour, CIO for the Office of Personnel Management, announced her retirement. Pressure had been mounting on Seymour for her to step down, and her resignation came just two days before she was scheduled to testify again before the House committee. OPM has claimed that it achieved "significant progress" in improving cybersecurity on its systems following the data breaches. The agency has implemented multifactor authentication, modernized its information technology infrastructure, appointed a new senior cybersecurity adviser, and formed a new organization responsible for background checks on employees and contractors. That new entity, the National Background Investigations Bureau (NBIB), which became operational in October 2016, runs on information systems that are managed by the Pentagon. Critical Thinking Questions 1. Do you feel there should be some sort of redress for the 21 million people whose personal information was stolen even if they cannot prove actual monetary damages? 2. How might foreign powers and/or terrorists use the stolen data to mount intelligence operations against the United States? 3. Go online to do research on the steps OPM has taken to improve its cybersecurity? Are you satisfied with these actions? If not, what additional changes would you suggest?