House Oversight letter probes OPM on deleted breach data

Chairman Jason Chaffetz is demanding OPM provide more information about a security tool its makers credit with detecting the massive hack the agency suffered over the summer.

House lawmakers are demanding more information from the Office of Personnel Management about a network security tool that its makers claim helped detect the huge cyber breach which rocked the federal government over the summer.

In a Sept. 9 letter to acting OPM Director Beth Cobert, House Oversight Committee Chairman Jason Chaffetz said he wants access to information that was reportedly erased from the tool, called CyFIR. He said the data the device held is relevant to the committee’s investigation of the recent breaches to OPM’s networks, which exposed the personal data of millions of federal employees.

“The deletion or loss of that data — intentional or otherwise — would damage the Committee’s effort to determine how and why OPM’s networks were infiltrated,” he writes. Ohio Republican Rep. Mike Turner also signed the letter.

Chaffetz writes that, during a demonstration to OPM officials in April, CyFIR discovered malicious code on the agency’s network, leading to the discovery of the massive breach. OPM held onto the tool during its response to the hack, and vendor CyTech reported the the device’s data storage drive had been wiped once OPM returned it on Aug. 20. OPM has said that its officials knew of the breach before the demonstration of the tool, and that CyFIR did not uncover the hack.


The committee is demanding OPM produce any documents related to the agency’s use of the CyFIR tool, especially those that mention the deletion of data; any information related to what CyFIR found; and all data on the device at the time the drive was wiped.

OPM spokesman Sam Schumach told FedScoop in an email that “OPM has received the committee’s letter and is working to respond in a timely manner.”

Latest Podcasts