The Office of Personnel Management (OPM) has taken offline a web-based platform used to complete background investigations due to the discovery of a security vulnerability. According to a statement posted on the OPM's website, the move to temporarily suspend the portal, known as E-QIP, follows a comprehensive review of the government agency's IT systems.
"Director Katherine Archuleta recently ordered a comprehensive review of the security of OPM’s IT systems," the statement reads. "During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system. As a result, OPM has temporarily taken the E-QIP system offline for security enhancements."
The post goes on to say that E-QIP, which is used as part of the OPM's EPIC software suite to process security clearances and background checks, will likely be unavailable for the next four to six weeks as improvements are made to the platform's security.
In the meantime, the OPM has reassured the public that its actions are not motivated by malicious activity on its networks and that there is currently no evidence that the vulnerability has been exploited in the wild. News of the E-QIP vulnerability follows two data breaches at the OPM which are believed to have compromised the personally identifiable information (PII) of as many as 18 million former, current, and prospective federal employees. To learn more about these incidents, please view this timeline. More recently, it was also announced that the American Federation of Government Employees, a federal labor union, has filed a class-action lawsuit against the OPM alleging that their negligence led to at least one of the data breaches now being investigated by the Department of Homeland Security (DHS) and the FBI. Among other things, the proposed lawsuit alleges that the OPM has disregarded multiple warnings by the Office of Inspector of General about its security protocols since as far back as 2007.
