The US government has been criticized about the general strength and efficacy of its security policy in the wake of the attack on the Office of Personnel Management (OPM). The full extent of this breach is continuing to leak into the public domain, with some suspecting that the exact nature of the breach was deliberately under-reported in the first instance. Because of the type of data that was accessed, it may be many years before the full exploitation of this data is felt by those individuals affected.
Industry experts have long warned that the security offered by the OPM was inadequate and that even basic steps such as encryption or two step user verification were not being implemented. At the same time, the US government has been urging citizens to upgrade their own cyber security whilst failing to put its own house in order.
Criticism has also been leveled against the Department for Homeland Security, the agency responsible for securing government systems. Reports suggest that the use of default passwords to gain access to systems is widespread and that some agencies are running systems so outdated that software companies are no longer supporting them.