U.S. News

New U.S. 'secret' clearance unit hires firm linked to 2014 hacks

WASHINGTON (Reuters) - A U.S. government bureau set up to do “secret” and “top secret” security clearance investigations has turned for help to a private company whose login credentials were used in hack attacks that looted the personal data of 22 million current and former federal employees, U.S. officials said on Friday.

Their confirmation of the hiring of KeyPoint Government Solutions by the new National Background Investigations Bureau (NBIB) comes just days ahead of the bureau’s official opening, scheduled for next week.

Its creation was spurred, in part, by the same hacks of the Office of Personnel Management that have been linked to the credentials of KeyPoint, one of four companies hired by the bureau. The officials asked not to be named when discussing sensitive information.

KeyPoint representatives did not respond to requests for comment sent by email and left on the company CEO’s voice-mail.

A spokesman for OPM said the agency in the past has said in public statements and in congressional testimony that a KeyPoint contractor’s stolen credentials were used by hackers to gain access to government personnel and security investigations records in two major OPM computer breaches.

Both breaches occurred in 2014, but were not discovered until April 2015, according to investigators.

OPM Director Katherine Archuleta resigned in mid-2015 amid scrutiny of the agency’s cybersecurity practices.

KeyPoint is one of four companies hired by the new NBIB to do field interviews for security clearance investigations, OPM and officials said earlier in September.

One U.S. official familiar with the hiring of KeyPoint said personnel records were hacked in 2014 from KeyPoint and, at some point, its login credentials were stolen. But no evidence proves, the official said, that the KeyPoint credentials used by the OPM hackers were stolen in the 2014 KeyPoint hack.

Earlier this month, OPM said it was awarding four contracts for “investigative fieldwork” to KeyPoint, CACI Premier Technology Inc, SCRA LLC and Securitas Critical Infrastructure Services. OPM said the four companies were the only ones to bid for the investigation contracts.

A congressional investigator noted that after OPM fired one major investigations contractor, the agency’s backlog in processing clearance investigations increased.

OPM officials said on Thursday one aim for NBIB is to reduce processing time for “top secret” clearances to 80 days from 170 days and for “secret” clearances to 40 days from 120 days.

Editing by Kevin Drawbaugh and Dan Grebler