Second OPM Contractor Breached

Records of 48,439 Federal Employees, Contractors Exposed
Second OPM Contractor Breached

A computer breach at a second company that conducts background checks on employees and contractors for the U.S. federal government could further slow the process of clearing individuals to handle sensitive and top-secret information.

See Also: Deception-Based Threat Detection: Shifting Power to the Defenders

The breach of the computer network at KeyPoint Government Solutions might have exposed the personally identifiable information of more than 48,000 individuals, the U.S. Office of Personnel Management said on Dec. 18.

OPM didn't provide many details about the breach. "While there was no conclusive evidence to confirm sensitive information was removed from the system, it is possible that personally identifiable data may have been exposed," says Nathaly Arriola, deputy director of the OPM Office of Communications. "Out of an abundance of caution, OPM plans to notify 48,439 individuals whose PII may have been exposed in this incident, and it will offer them credit monitoring at no cost."

Exclusive Webinar: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs

Stronger Security Controls

Arriola says KeyPoint, based in Loveland, Colo., has worked closely with OPM to implement additional security controls that will afford its network greater protection.

In August, OPM confirmed the breach of computers at another contractor, U.S. Investigations Services, which exposed the personal data of 25,000 employees and contractors, leading OPM to not renew a contract with that company (see What's Behind OPM's Ousting of USIS?). OPM says the USIS breach caused a slowdown in processing security clearances.

"As far as impact on vetting employees and contractors getting clearances, the investigation into [the KeyPoint] breach may further slow down the clearance process which has already been stalled due to the USIS breach," says Evan Lesser, who closely monitors the government's security-clearance process as managing director of, a professional network of security-cleared people.

KeyPoint Vs. USIS

The government gave no indication that it would terminate its relationship with KeyPoint as it did with USIS. USIS also worked on the security clearances of National Security Agency leaker Edward Snowden and Aaron Alexis, who fatally shot 12 people and three others at the Naval Sea Systems Command at the Washington Navy Yard in September 2013. USIS contends it followed procedures in its investigations of Snowden and Alexis.

USIS also is being sued by the Justice Department. A whistleblower accused the company of speeding through a mountain of investigations as the wars in Iraq and Afghanistan fueled a heightened demand for cleared workers, according to the Washington Post. The Justice Department joined the whistleblower civil suit, accusing the company of submitting 665,000 background checks that were incomplete. USIS says it has fully cooperated with the Justice Department and has new leadership at the company.

"I'm not aware of any problems with KeyPoint and their work with the government," Lesser says. "They have been a longtime supplier of investigative and other services to the government without incident - definitely no issues on par with USIS."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.