CyFIR News

CyFIR News

OPM Officials Returned CyFIR Enterprise Trial After Deleting Images from OPM’s Own Incident Response

News, OPM

Sean Gallagher, in an Ars Technica article, states:

Ironically, the tool that discovered the ongoing breach, CyFIR from CyTech Services, was never actually purchased by OPM. Though Seymour told Congress OPM had purchased licenses after a trial in a segregated test network, the tool was actually demonstrated on OPM’s live network, and no licenses were ever purchased. OPM officials returned the trial software after deleting images from OPM’s own incident response—images that included “more than 11,000 files and directories” of forensic data, the report noted.

“Documents and testimony show CyTech provided a service to OPM and OPM did not pay,” the report found, noting that this violated federal law against accepting voluntary services.