Audit finds new flaw at US Office of Personnel Management

A security review that followed the original hack at the US Office of Personnel Management (OPM) has turned up a new, but hopefully-unexploited, vulnerability.

The “Electronic Questionnaires for Investigations Processing” system, abbreviated to e-QIP, was found to be vulnerable under the review, and will be taken offline for as long as six weeks while it's fixed.

e-QIP is a set of Web forms used to “complete and submit background investment forms”, the OPM's brief statement says.

“This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted”, director Katherine Archuleta says in the statement.

Reuters reports that e-QIP was set up to process security clearances after September 11.

The discovery of the vulnerability, the newswire says, has some agencies switching to handling security clearance information on paper, adding that it “could prompt some intelligence agencies … to switch back to their own applications.”

The OPM's troubles, which began in late May, have already exacerbated a logjam in processing security clearances that began with budget cuts in 2013, and Reuters speculates that one response may be for the US government to issue fewer clearances.

The original estimate that four million users were affected has been upped to 10 million, and the FBI reckons that may below out to 18 million. ®