The OPM announced that it has temporarily suspended its Electronic Questionnaires for Investigations Processing (e-QIP) system to fix a security flaw.
According the results of a security audit conducted after theĀ hack at the US Office of Personnel Management (OPM) the systems of the US Department are affected by a serious vulnerability.
The vulnerable system is theĀ āElectronic Questionnaires for Investigations Processingā, aka e-QIP, according to an official statement from the OPM it will be taken offline for as long as six weeksĀ in order to patch the vulnerability.
“The U.S. Office of Personnel Management today announced the temporary suspension of the E-QIP system, a web-based platform used to complete and submit background investigation forms.Ā ” theĀ OPM’s statement states. “OPM expects e-QIP could be offline for four to six weeks while these security enhancements are implemented. OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so.”
What is theĀ e-QIP?
e-QIP is a set of Web forms used toĀ conduct background checks for federal security,Ā suitability, fitness and credentialingĀ purposes. It allowsĀ to “complete and submit background investment formsā, as explained in the OPM’s statement says.
“Welcome to the Electronic Questionnaires for Investigations Processing (e-QIP) system. e-QIP is a web-based automated system that was designed to facilitate the processing of standard investigative forms used when conducting background investigations for Federal security, suitability, fitness and credentialingĀ purposes. e-QIP allows the user to electronically enter, update and transmit their personal investigative data over a secure internet connection to a requesting agency.” states the official page of the e-QIP.
According to theĀ OPM, the temporary suspensionĀ of the e-QIP system is a proactive step taken to improve the security of the organization, and it is not related to the OPM hack. Ā The investigatorsĀ have no evidence that the flaw has been exploited since now.
āThe security of OPMās networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,āstated OPM Director Katherine Archuleta. āThis proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.ā
There is a lot of confusion about the number of people affected by the OPM hack, the original estimate that four million users were affected, but the FBI admitted that at least 10 million people were impacted and some estimates even reach 18 million.
The American Federation of Government Employees (AFGE) has filed a class actionĀ lawsuitĀ against the OPM and its executives. The AFGE has highlighted that the audits conducted by the OPM over the past years have revealed the existence of several security issuesĀ thatĀ ācould potentially have national security implications.ā
According to the AFGE, theĀ OPM failed to adopt a proper security posture adopting necessary countermeasures.
(Security AffairsĀ āOPM, hacking)