The Daily Beast on just how bad the OPM hack has been for personnel holding security clearances or having gone through the adjudication process, as the OPM hackers stole intimate secrets of US government workers sex lives and more:

How invasive are these exams? One applicant admitted to shooting his 19-year-old son in the leg during a physical altercation, sparked by an argument over whether his son’s girlfriend could live with him in the applicant’s grandmother’s house.

Another applicant who’d held a clearance for 25 years while serving in the military had an affair with his former college roommate’s wife “on and off for more than twenty years,” his adjudicator noted. The applicant told the wife about affair in 2014, and they’re “working through their problems.”

A third applicant was reprimanded by his supervisor for accessing pornography on his work computer. He had “not told his wife about these issues because he feels embarrassed by his conduct,” his file notes.

Debts and drug and alcohol abuse are frequently considered in the adjudication process. One applicant was found to owe nearly $1.8 million from, among other things, four mortgages on three condominiums. He was denied a clearance. But another applicant’s clearance was granted on the condition that he stop drinking, after going through four alcohol addition treatment programs and relapsing every time.

That this information was available on the internets is just unbelievable. Even basic security protocols for accessing sensitive information remotely was completely ignored. While I understand OPM may be doing all they can, their best is not even close enough to call it semi-competent.

Why did OPM not employ VPN’s for remote access to this sensitive information? How come malicious actors from outside of .gov and .mil were able to directly access OPM assets? Why did this sensitive data remain accessible from the internet as well as from the local area network where the attackers presumably entered?

There remain so many outstanding questions about how this attack occurred that I eagerly await the lessons learned.