WASHINGTON, D.C.–U.S. Senator Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, is pressing for information on how a new mass email system set up at OPM to contact all federal employees complies with current laws and guidance for cybersecurity, privacy and managing associated risks. On January 23, 2025, the Office of Personnel Management (OPM) set up a new email address and server that was used to send all federal employees the recent “Fork in the Road” email, offering resignation opportunities for career federal employees.
“Improperly securing our federal systems presents unacceptable national security risks as we have learned through cyberattacks in previous years, including China’s hack of the personal information of more than 20 million federal workers and job applicants from OPM itself,” wrote Senator Peters. “By hastily setting up the server and email and ignoring requirements and regulations, OPM has invited foreign adversaries and cybercriminals into the agency’s networks and databases and damaged trust in the agency rebuilt after the 2015 hacks.”
Federal agencies are frequently attacked by foreign adversaries, cybercriminals, and so-called hacktivists who target Americans’ data or the disruption of critical services. In 2014 and 2015, OPM was targeted by Chinese hackers in one of the largest personnel records breaches, resulting in the exfiltration of over 20 million records. Since then, Congress has passed significant bipartisan cybersecurity and privacy reforms, including requiring privacy and cyber risk assessments before new systems or services go online.
The full text of the letter can be found here.
###