D'oh! Worst Hacking of US Federal Records Was 'Entirely Preventable'

A House watchdog group has revealed that one of the worst cyber attacks on the U.S. government could have been prevented.

That attack, widely blamed on China, compromised personal information of more than 21 million federal employees, including security clearances, background checks, and fingerprint records.

Republican leaders of the House Oversight Committee say basic security procedures would have protected any sensitive information.

"We have literally tens of millions of Americans whose data was stolen by a nefarious overseas actor, but it was entirely preventable," Rep. Jason Chaffetz, R-Utah, said.

Their report shows the breach could have actually been prevented if the Office of Personnel Management (OPM) had put basic security controls in place.

The personnel agency had been warned for years that it was vulnerable to hackers. The government discovered the first OPM hacking in March 2014 when a specialized Homeland Security Department team noticed suspicious streams of data leaving its network overnight.

It was the online equivalent of moving trucks hauling away filing cabinets containing confidential papers in the middle of the night.

While the OPM focused on trying to stop that one hacker, it failed to quickly deploy security tools from an outside firm to detect malicious code and other threats.

That allowed a second intruder to do the worst of the damage, which went completely undetected until April 2015.

Once deployed, the outside security tool created from Cylance Inc. of Irvine, California, "lit up like a Christmas tree," indicating it found malware throughout the federal computers, an engineer stated in the report.