FLEOA OPM Letter on Hack June 2015

June 12, 2015
Katherine Archuleta
Office of the Director
United States Office of Personnel Management
Theodore Roosevelt Federal Building
1900 E Street, NW
Washington, D.C. 20415-0001
Re: Compromise of Personal Information
Dear Director Archuleta:



Kindly be advised that I am Executive Director of the Federal Law Enforcement Officers Association. We represent 28,000 Federal Law Enforcement Officers worldwide. Last week, the Office of Personnel Management (OPM) admitted a major cyber-attack took place in December 2014, but it was only detected in April, 2015. According to reports, the hack compromised the personal information of some four million Federal employees. The compromised database also contains hundreds of other pieces of information regarding Federal employees and their spouses including age, gender, race data, and birth dates.

This event is nothing short of shocking and it further appears that Social Security numbers stored in the database were not encrypted, which is an absolutely abysmal cyber-security failure.
Moreover, OPM is also the repository for extremely sensitive information assembled through background investigations of employees who hold security clearance, and most of our members hold a security clearance.
The issue of cyber-security is of overwhelming importance to the law enforcement community, and there is no time to be less than diligent to address our concerns.

While the notification process and credit monitoring services by OPM are a band aid for the potential injury, the fact that federal law enforcement information may have also been breached greatly concerns our members.

Since Federal Law Enforcement Officers target, investigate and apprehend these criminals, it stands to reason that this cyber-security failure places them at higher risk than most others.
We would like to know if OPM:

1) Plans to identify those law enforcement officers hacked.
2) Notify both the officer and relevant agency regarding the hack.
3) Reveal the extent of the information compromised, and or stolen.
4) Perform or have performed a threat assessment of the hack for law enforcement officers.
5) Consider placing law enforcement officer’s information in a separate and secure database with a higher level of protection.
6) Does a law enforcement officer’s personnel file contain any identifying information as to occupation.
7) What steps are being taken to assess and cure the physical safety threat to our law enforcement officers and their families both domestically and abroad.

We look forward to your immediate attention and prompt response to our concerns.

Respectfully submitted,

Steven V. Lenkart
Executive Director
Federal Law Enforcement Officers Association