[Frost1x]

Yes. In case you're asking what OPM is and not just the acronym intended, OPM is an agency that manages and maintains stewardship of a stupid amount of information about all employees that work for or closely with the federal government.

Background checks and investigations, healthcare related policy information, etc. e-QIP, managed by OPM specifically, collects a lot of highly sensitive information on federal employees working in the national security ecosystem was hit:

https://en.m.wikipedia.org/wiki/E-QIP#e-QIP_security_breach

[pbak]

Holy hell... no wonder they snuffed it out in the media.

I live in Eastern Europe. A local city with a population of 300-400k was hit with a near total ransomware attack. The hackers asked for 400 bitcoin.

The mayor answered to them on TV "You fools, we still do most things on paper here ! We'll just spend the week-end installing windows and word and F** Y* !!!"

I sometime find wisdom in the approach from olden times :-)

[djrogers]

> Holy hell... no wonder they snuffed it out in the media.

The OPM hack wasn’t ‘snuffed out’ by any means - it was fairly well covered for a cyber attack of it’s era. Perhaps it wasn’t covered much in your part of Eastern Europe, but it was definitely not covered up.

The fact that some people have forgotten about it is a completely different issue.

[A4ET8a8uTh0]

I do watch major networks in US and the coverage on CNN and FOX amounted to 'Russia did it' or 'Russia prolly did it'. There was no meaningful coverage of impact or what the Solarwinds hack amounted to. To be frank, compared to coverage of a hurricane, it got minimal necessary coverage. I agree with parent's assertion that it was snuffed out.

[pbak]

I had recently just moved back from NYC at the time. I was kinda still plugged 24/7 to the US media sphere.

But it's true that I don't remember it at all, even though I worked in a field parallel to CompuSec and usually notice those events.

[miohtama]

They should also have the old wisdom of not connecting critical systems to Internet.

[pbak]

Those were not "critical systems". It was all the desktop computer used for basic office work (email, word processors, etc).

Major mission critical systems are managed by the country's Ministry of the Interior, and haven't had a major hack (yet), as far as is publicly known.

And besides, how are those poor souls gonna connect to Facebook during their mandatory 10 o'clock coffee pause ?

[lanstin]

It is becoming harder and harder to install software on systems without internet connectivity. More and more things assume they can hit maven or npm or random other places at deploy time; even expensive well regarded third party software. At least Golang deploys are ok. (Source: running prod systems with a mandate of no internet connectivity).