The Washington Post on why OPM should have been prepared for the latest cyber attack and some disturbing news both for tax payers and IT security professionals (emphasis added):
An annual audit of its information security systems released last year showed the agency had major security problems. And it had already suffered a breach thought to target sensitive information about government security clearances.
According to a report by OPM’s inspector general’s office released in November, the agency couldn’t even find all of its equipment.
“OPM does not maintain a comprehensive inventory of servers, databases, and network devices,” the audit, which reviewed the agency’s operations through September, found.