Hacker used federal contractor’s credentials, government director says

WASHINGTON — The head of the government department that suffered two massive cyberattacks says a hacker gained access to the agency’s records with a credential used by a federal contractor.

Katherine Archuleta, director of the Office of Personnel Management, told a Senate hearing on Tuesday that an “adversary” somehow obtained a user credential used by KeyPoint Government Solutions, a contractor based in Colorado.

She didn’t say specifically when that occurred or if it was related to the two cyberbreaches that exposed private information about nearly every federal employee and personal histories of millions with security clearances.

She says her agency has no evidence suggesting KeyPoint was responsible for or directly involved in the cyberattacks. She says her office has worked to add security controls to help protect its records.