According to House and Senate administrators, congressional staffers have likely not been affected by the Office of Personel Management data breach affecting millions of federal government workers, unless a congressional staffer once worked for the executive branch.
"Unless you were employed previously in the executive branch of the federal government there is no indication at this time that your personally identifiable information (PII) was compromised," Chief Administrative Officer for the House Ed Cassidy wrote in a notice sent to House staff Friday afternoon. A source with the Senate Sergeant-at-Arms also noted that the breach does not affect legislative branch employees, unless those employees previously worked for the executive branch.
The Office of Personnel Management, which manages federal workers, announced Thursday that the agency experienced a "cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former federal employees."
According to a notice posted on its website, OPM became aware of the breach in April 2015. White House Press Secretary Josh Earnest said in the White House press briefing Friday that the intrusion appeared to occur in December, OPM detected it in April and determined in May that some data might have been compromised.
From June 8 to June 19, the office will notify the estimated 4 million workers who were affected. The office said the workers' "personally identifiable information" may have been compromised. This type of information is linked to a specific individual and could include names, Social Security numbers, and birth dates.
Media reports cited federal officials who indicated Chinese hackers, potentially working for the Chinese government, were responsible. The Chinese government responded quickly that making those allegations was not responsible.
According to the House memo from Cassidy, obtained by CQ Roll Call, the CAO has communicated with OPM. Currently, OPM "knows what types of data were exposed to the hackers, but not what data was actually taken." The CAO noted that OPM will notify those current and former executive branch workers who were potentially affected.
At the end of the notice, the CAO also reminded staff to "be especially vigilant of any suspicious emails purporting to relate to this incident" and to avoid clicking on any emails unless they are sent from the OPM address, email@example.com.
That final advice highlighted the role staffers have to play in protecting congressional data, which is a top priority for House and Senate administrators.
"We don’t lack for high priorities in the IT area here in the House," Cassidy said at a House Administration Committee hearing Wednesday. "We’ve got a number of them, but there’s no higher priority for us than cybersecurity."
Cassidy, who has held the post since January 2014, said the office was increasing its efforts to educate congressional staffers on cybersecurity practices, and pointed to stricter policies implemented at the start of the 114th Congress.
Aside from questions about congressional staffer data, the breach also led to calls by lawmakers and others for Congress to address the ongoing cybersecurity threat. Earnest said Friday the data breach shows that Congress needs to pass cybersecurity legislation.
"We need to see improved coordination between the government and the private sector on this matter. And that effort to coordinate requires congressional action," Earnest said. "And the fact is, we need Congress to come out of the dark ages and actually join us here in the 21st Century to make sure that we have the kinds of defenses that are necessary to have the modern computer system. And we have not seen that kind of action in Congress."
But some lawmakers pushed back against the criticism, calling on the White House to step up.
“Where is the leadership?" said Cory Fritz, a spokesman for Speaker John A. Boehner, R-Ohio. "The federal government has just been hit by one of the largest thefts of sensitive data in history, and this White House is trying blame anyone but itself. It’s absolutely disgusting.”
Steven T. Dennis contributed to this report. Related: New House Cybersecurity Policies Show Ongoing Threat See photos, follies, HOH Hits and Misses and more at Roll Call's new video site. Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.