Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

China Says Data Privacy Hacking Not Sanctioned by Government

Earlier this month, China admitted for the first time publicly that the data privacy breach of the U.S. Office of Personnel Management's computer systems was the work of Chinese hackers. However, China insisted that these attacks were the work of criminals, not a state-sponsored attack. There has been no information released about any identifying details of these criminals.

That last point is something that some in the U.S. have debated. The sophistication and length of the attack give some doubt to the rouge criminal theory. Also, the financial information has not been used for fraud, which is atypical of a criminal data breach.

The data privacy breach itself was massive and extremely sophisticated. In fact, the breach went on for over a year before it was even discovered. It involved the security-clearance forms of millions of federal employees, veterans, contractors and others. These forms include information about health, finances and other Personally Identifiable Information (PII) for 19.7 million people who underwent government background checks in the last 15 years, as well as 1.8 million other people such as spouses and friends.

The data privacy breach was so large, in fact, that the Office of Personnel Management is still trying to notify all of the victims.

Overall, this is one of the larger breaches in U.S. history and exposed millions of U.S. citizens PII to China. What is being done with this information is yet to be seen.

From a records management point of view, although it may be impossible to prevent a breach from ever happening, it is critical to have a solid information governance strategy to limit exposure and separate sensitive records from everyday documents. Involving every department ensures that any information that could be deemed sensitive is considered in the overall plan. Managing every record properly and proactively will improve efficiency, control costs and reduce risk.

By Andrew Borgschulte

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from ridged business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.