In Wake Of Hack, OPM Shutters System For Federal Background Checks

PHOTO: The Theodore Roosevelt Building in Washington, headquarters of the Office of Personnel Management, is seen on June 19, 2015.

Mike Levine

Three weeks after U.S. authorities determined foreign hackers may have stolen sensitive government records tied to tens of millions of people, the Office of Personnel Management has now shut down a system tied to the breach, essentially bringing to a halt background checks for new federal employees, contractors and others.

According to an "alert" posted on OPM's website today, the Electronic Questionnaires for Investigations Processing system -- or "e-QIP" -- "will be down for an extended period of time for security enhancements."

In a subsequent news release, OPM called it a "temporary suspension" that "will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted."

Through the e-QIP system, OPM conducts more than 90 percent of the U.S. government’s background investigations – spanning 100 federal agencies from the FBI to the Department of Agriculture.

“e-QIP allows the user to electronically enter, update and transmit their personal investigative data over a secure internet connection,” OPM’s website says.

OPM estimates the system will be offline for four to six weeks, saying "in the interim" it will work with agencies to find "alternative approaches to address [their] requirements."

Only background investigations requested by agencies after Friday will be affected by the shutdown, according to an OPM spokesman.

"OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so," OPM director Katherine Archuleta said in a statement.

The shutdown comes after at least 18 million people -- and potentially tens of millions more around the world, including relatives, friends and associates of those who had background checks conducted by the U.S. government -- likely had their personal information stolen by hackers who infiltrated e-QIP and other OPM systems, sources have said.

The nation’s top intelligence official, James Clapper, said Friday that China is “the leading suspect” in the massive hack.

Authorities suspect hackers stole forms -- known as “SF-86” forms -- which contain information submitted through e-QIP by government employees, contractors, certain military personnel, and others seeking security clearances, sources have told ABC News.

The forms require applicants to provide personal information not only about themselves but also relatives, friends and “associates” spanning several years.

The forms ask applicants about past drug use, financial history, mental health history and personal relationships. That type of information could be exploited to pressure or trick employees into further compromising their agencies, sources said.

In its announcement today, OPM insisted the move to shut down e-QIP was "proactive" after authorities recently "identified a vulnerability" in the system. The shutdown is also not "the direct result" of the OPM hack, and "[T]here is no evidence that the vulnerability in question has been exploited," Archuleta said in her statement.

On Wednesday, a top lawmaker called the breach a “significant” threat to national security.

“Only the imagination limits what a foreign adversary could do with detailed information about a federal employee's education, career, health, family, friends, neighbors and personal habits,” said Rep. Jason Chaffetz, R-Utah, the chairman of the House Oversight and Government Reform Committee.

The attack on OPM began in 2013, when hackers entered the systems of a government contractor, KeyPoint Government Solutions, and stole the “credentials” of an employee working on a project, according to recent testimony on Capitol Hill.

Last year, OPM’s inspector general warned the agency’s two systems covering background investigations and security clearances were not sufficiently protected against cyber-intruders.

Calling them among “the most critical and sensitive applications owned by the agency,” the inspector general said in a November audit that “any weaknesses ... could potentially have national security implications.”

The inspector general recommended OPM shut down those two systems and nine others found to be lacking sufficient security measures. But OPM director Katherine Archuleta decided against doing so.

“I had to make [a] very conscious and deliberate decision as to the impact of the shutdown of those systems,” Archuleta told lawmakers last week, as they pressed her on the issue.

She said a move like that would have “shut down the processing of annuity checks to retirees,” and it would have halted background investigations for new employees at agencies such as the Transportation Security Administration.

“I made a conscious decision that we would move forward with this but would make improvements as rapidly as possible, and we have done that,” she said.