The federal agency at the center of the major data breach that has shaken the government announced on Monday it was suspending its Web-based platform used to fill out and submit background investigations.
The Office of Personnel Management (OPM) said it had discovered a security flaw in the system that would require weeks to correct.
The OPM revealed several weeks ago that hackers had infiltrated its database that stores security clearance background check forms. It was the second of two breaches at the agency that have likely laid bare over 18 million people’s sensitive information.
Officials have called China the “leading suspect” in what’s believed to be part of a massive digital espionage campaign.
The compromises have raised serious concerns about whether the agency is taking proper steps to secure some of the most sensitive data the government collects. Background check forms contain intimate personal history information, such as details on drug abuse and sexual infidelities.
In an effort to quell those security concerns, the OPM launched a thorough review of its cyber defenses.
It was this self assessment that led to the decision to take down the online background check platform, known as the e-QIP system, the agency said.
The OPM explained it had discovered a security flaw in the system and decided it was safer to take e-QIP offline until it could fix the vulnerability.
It will take four to six weeks to patch the flaw, the agency estimated. There is no evidence hackers had discovered or exploited the security shortcoming, it added.
“This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted,” said OPM Director Katherine Archuleta in a statement.