|
|
|
|
|
|
by FooNull
3993 days ago
|
|
|
>is this any different than what would happen if a dedicated attacker came after the most valuable data in your company? My company didn't compile detailed background information about my "sexual misconduct", or spend money trying to detail the ways in which I might be blackmailed. So yeah, it's a little different. |
|
|
What I'd like to know is how this information failed to warrant even the level of protection mandated for medical records - according to at least one major news source, the data wasn't even encrypted. The standard criteria in the US for "top secret" classification is described as material having the potential to cause "exceptionally grave damage" to the national security of the nation. A database of information pertaining to a process designed to collect all information potentially usable for coercion (blackmail, social ties, etc) of all the individuals in the most sensitive positions of the government, should have been classified and protected at the Top Secret level.
Frankly, the outrage I've seen so far is not nearly enough for the scale of the irresponsibility here. I firmly believe the director and CIO of the OPM should not only be removed from office, they should be subject to criminal charges for mishandling information that clearly _should_ have been classified.