As government officials answered questions about the recent Office of Personnel Management data breach, former and current congressional staffers processed the notices they are receiving from the agency that they, too, were affected by the breach.
Rep. Gerald E. Connolly, D-Va., told CQ Roll Call Tuesday that his press secretary, George Burke, who has never worked for the executive branch, received a notice from the OPM saying his personal identifiable information may have been compromised. Connolly said he spoke with someone in the office of the House Chief Administrative Officer, and it appeared that congressional staffers who had a break in their service, activating their retirement status, were affected by the breach. “What it seems to be is: If you worked up here for 'x' number of years and you terminate your employment and you leave government service, they give a final report, which may turn out not to be final, about your retirement status to OPM," Connolly said after attending the classified briefing on the breach for members of the House.
"I am an example of a former, but now a current employee who could have been compromised," Connolly said, noting his years as a Senate staffer. "So when they say 'former employees,' what they really mean is somebody who could have interrupted service but is now a current employee.”
What You Missed: Oversight Hearing on OPM Data Breach
In other words, because OPM handles retirement for congressional employees, those employees who have either left Congress, or left and came back, may be affected by the breach. A spokesperson for the CAO said OPM maintains records on former government employees, which includes former House staffers. A spokesperson for the OPM, citing an ongoing investigation, wrote in an email that the agency does not have an estimate for the number of legislative employees affected.
The Senate Sergeant-at-Arms Office is continuing to reach out to OPM Tuesday for the latest information. After it became clear late Monday night that some former staffers without executive branch experience received notices, a source with the SSA told CQ Roll Call the office had not received any additional information about the OPM breach. But, the source noted, the OPM did originally point out that new information could arise as the investigation unfolded.
The notices likely came as a surprise to the House and Senate staffers affected by the breach, because they were previously informed that only those with executive branch experience were likely affected.
On June 4, the OPM announced it has experienced a "cybersecurity incident" that may have compromised the personal identifiable information of more than 4 million current and former federal workers. The OPM communicated with congressional administrators about the breach. In a notice sent to House employees , House CAO Ed Cassidy wrote that OPM advised his office that there was "no indication at this time" that current congressional staffer information was compromised, unless a staffer previously worked for the executive branch.
“I was a bit surprised because ... the CAO had told us the Hill hadn’t been compromised to the best of their knowledge," Burke said Tuesday. He received a notice from the OPM Monday, and said it offered insurance and a free credit monitoring service.
Burke worked on Capitol Hill in the 1970s and '80s, and then left his post, only to return to the Capitol more than six years ago to work for Connolly. He said the letter did not state exactly what data was compromised, but noted it "may have" included personal identifiable information.
"You go with the flow," Burke said of the breach, noting that he'd rather know now that his data might have been compromised, rather than be notified months later when investigators determine exactly what was affected. "At least they have made an effort,” he said.
OPM Director Katherine Archuleta revealed at a House Oversight and Government Reform hearing Tuesday that workers affected by the data breach, which was detected in April but appeared to take place in December, span all three branches of government.
"[We] have now confirmed that any federal employee from across all branches of government whose organization submitted service history records to OPM may have been compromised even if their full personnel file is not stored on OPM’s system,” Archuleta said. Information compromised could include personal identifiable information including social security numbers and dates of birth.
Oversight and Government Reform Chairman Jason Chaffetz, R-Utah, asked Archuleta about recent media reports that the number of workers affected could include 14 million workers, rather than 4 million.
Archuleta said the original breach announced June 4 includes roughly 4.2 million workers. But through the course of investigating that hack, OPM uncovered a separate breach of its systems, and she did not have an estimate for the number of workers who were affected by that breach.
The OPM posted a notice on its website Monday regarding the second breach, stating that it involved background checks of current, former and prospective Federal government employees and "other individuals" who received a federal background check.
Connolly, who noted he had code word security clearance as a congressional staffer, said that means he could also be affected by the second breach.
"I was more concerned for my staffer," Connolly said. But, acknowledging reports that the hack originated from China, he added, "I think I’m kind of boring so I hope the Chinese find it very boring to read.”
See photos, follies, HOH Hits and Misses and more at Roll Call's new video site. Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.