The Washington post article "Security contractor says hit by computer breach" reports that U.S. Investigations Services, USIS, the largest contractor that carries out security checks, was breached.
An [Office of Personnel Management] OPM spokeswoman said that the agency was temporarily halting all of USIS’s background check fieldwork “out of an abundance of caution.” The spokeswoman, Jackie Koszczuk, said the hiatus will allow USIS to take “necessary steps” to protect its systems.
I wonder what "necessary steps" USIS will do to protect its systems that it wasn't already doing? And why wasn't it doing these things before?
Since USIS must collect very personal and sensitive information on people who will be given jobs with access to valuable and sensitive information, it would be an obvious target of attackers interested in financial crime and espionage.
Furthermore, I wonder if the attackers manipulated any of the data USIS collected. For example, if there was potentially damaging information about a potential future insider, could the attackers have removed the data to help that future insider get his (or her) security clearance? Could USIS determine if data they had collected was modified or deleted?