Monday, July 13, 2015

Jason Atchley : Data Security : Judiciary in "Disaster" Mode After OPM Data Breach

jason atchley

Judiciary in 'Disaster' Mode After OPM Data Breach

Scope of breach "very unsettling," chief judge of Washington's federal district court said.
, The National Law Journal
    | 0 Comments

Office of Personnel Management in Washington, D.C.
Office of Personnel Management in Washington, D.C.
Federal judges and judiciary employees were among the millions of federal employees whose personal information was compromised in a data breach.
Judges and judicial branch officials told the NLJ this week that they and many of their colleagues received alerts in recent weeks that their information was potentially stolen in a breach of 4.2 million federal employees’ personnel records announced last month by the Office of Personnel Management (OPM).
The federal judiciary has been in crisis mode, according to David Sellers, a spokesman for the Administrative Office of the U.S. Courts. Officials are meeting weekly at a minimum, the judiciary set up an internal website for employees with relevant information, and the Administrative Office has sent out seven branchwide memos with updates to date, according to Sellers.
“Anything that compromises personal information and consequently threatens safety and security is a great concern,” Sellers said. “We treated this at the [Administrative Office] the same way we would treat a disaster, like if a hurricane hit a court.”
On Thursday, OPM announced a second data breach affecting 21.5 million people, including 19.7 million individuals who applied for background investigations through the agency. An estimated 3.6 million federal employees affected by the personnel records breach announced in June were also affected by the background investigations records breach, according to OPM. It was not immediately clear if judges and other judiciary employees fell into that group.
READ MORE:
Judicial security, including financial security, is a sensitive issue for courts, which routinely contend with threats against judges. Congress over the years adopted special protections to keep judges’ personal information out of the public realm, such as permitting judges to redact certain information about their finances in public financial disclosure reports.
Karen Milton, circuit executive for the U.S. Court of Appeals for the Second Circuit, said judges had been urged to alert the U.S. Marshals Service, which oversees judicial security, if their information was compromised in the OPM data breaches. A spokeswoman for the Marshals Service referred questions about its response to the data breaches to OPM.
“Of our judges who I know who have been notified, they are concerned about this,” Milton said. She added that some employees, including herself, did not receive an initial notice from OPM and only learned that they may have been affected by the breach after calling the company chosen by OPM to provide identity-theft and credit-monitoring services.
A spokeswoman for the U.S. Supreme Court declined to say whether any of the justices received a letter from OPM.
Laurie Smith Camp, Chief Judge of the United States District Court for the District of Nebraska. HANDOUT.
Chief Judge Laurie Smith Camp (left) of the U.S. District Court for Nebraska said she received a letter from OPM that her information was compromised. She said she was at meetings this week with court personnel, and “all the hands went up when I asked how many had received letters” from OPM.
The Administrative Office of the U.S. Courts is concerned about the services offered by OPM to employees affected by the personnel records breach, according to a memo that Administrative Office Director James Duff sent to judges and judiciary officials on July 7.
“The credit-monitoring services are available for only 18 months and none of the services cover family members,” Duff wrote. “Both the scope and duration of the services concern us, as well as many of our judges and employees.”
A spokesman for OPM said the agency was reviewing the judiciary’s feedback.
If judges or judiciary employees fall into the group of individuals whose information was compromised in the background investigations breach, they’ll be eligible for more robust credit monitoring and identity-theft protection. Those services will be offered for at least three years, according to OPM.
OPM said it will notify individuals affected by the background investigations breach in the coming weeks.
Richard Roberts.
Chief Judge Richard Roberts (left) of the U.S. District Court for the District of Columbia said judges and employees in his courthouse received letters from OPM that their information may have been compromised in the personnel records breach. He declined to say if he received such a letter, citing security concerns.

'Very unsettling'

The scope of the breach was “very unsettling,” Roberts said. As for whether OPM had done enough to protect federal employees whose information may have been stolen, he said it was too early to tell.
Duff has said that strengthening the judiciary’s cybersecurity protections is a priority for the Administrative Office. One downside to the judiciary giving circuits control over local affairs was that cybersecurity efforts were decentralized, Duff said, speaking in late June at a meeting of D.C. judges and court officials. The judiciary was looking into more uniform defense systems, he said, but added that it would also take a “culture change” among the judges and employees to be aware of how they protect their information online.
Judges historically have had a reputation for being tech-unsavvy. Roberts acknowledged that many judges may spend too little time thinking about their vulnerability online. “It’s a new issue for us,” he said.
Chief Judge Fred Biery of the U.S. District Court for the Western District of Texas said he doesn’t own a personal computer, and only uses his work computer when necessary. He received a letter from OPM about the data breach and signed up for the credit monitoring and identity-theft services. He said his presence on the web was limited, however.
“I use voice recognition software: It’s my voice and my clerks recognize it,” Biery said. “I can’t get hacked on a personal computer if I don’t have one.”


Read more: http://www.nationallawjournal.com/id=1202731852353/Judiciary-in-Disaster-Mode-After-OPM-Data-Breach#ixzz3flyCVpDA




No comments:

Post a Comment