The House Committee on Oversight and Government Reform grilled OPM officials and IT executives about the breach. The hearing focused on what information was stolen and why the OPM hadn t been able to shore up its defenses. A report from the Office of the Inspector General last year found a number of deficiencies in OPM s security infrastructure, including the existence of several unauthorized systems and the lack of a mature vulnerability scanning program. OPM has since added 2FA in some places, but the improvements did not placate the committee members.
Source: https://threatpost.com/opm-breach-dates-back-to-december/113361/