An entire US government program is to be suspended in order to fix vulnerabilities discovered during a security audit.
The U.S. Office of Personnel Management (OPM) announced that the program, used to complete background investigations, was reviewed following a high-profile data breach in another department, according to Reuters. OPM said it would take e-QIP offline for 4-6 weeks until security can be enhanced, and that there was no evidence that the flaw had been exploited by attackers.
In a security review, a vulnerability was discovered in the vetting program, called Electronic Questionnaires for Investigations Processing (e-QIP).
“The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited,” the agency said, calling the decision to take e-QIP offline a proactive measure to ensure “the ongoing security of its network,” according to PC World.
“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” OPM Director Archuleta said to the Washington Post.
“This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”
The OPM has been hit by at least two major breaches in recent months, one of which may have resulted in the theft of personnel records of millions of current and former government employees, and another a targeted attack on a 120-page questionnaire used by people seeking national security clearance.