The inspector general's report found several huge security holes in the Office of Personnel Management's network. It said that two systems used by the Federal Investigative Service had massive security flaws. The report recommended shutting the systems down, but that didn't happen because of a backlog of security clearances. And, that's not all.
It did not regularly scan for vulnerabilities in the system, and found that 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not “operating with a valid authorization.”
The Office of Personnel Management also didn't use multifactor authentication to verify user identities. Multifactor authentication is a security measure used by banks and other companies that do business online. It sends you a text message, phone call or email with a one-time-use code every time you try to log into your account.
The Office of Personnel Management is now in the process of adding two-factor authentication to its network.