From Julian Sanchez:
In recent years we’ve discovered that even the parts of the government you’d expect to maintain the most secure computer networks—from the Office of Personnel Management to the National Security Agency—were embarrassingly vulnerable to being hacked and having highly sensitive data exfiltrated. So perhaps it shouldn’t come as much surprise that the United States Congress isn’t exactly a model of cybersecurity either: Earlier this month, we learned that the legislative branch’s Office of Compliance (OOC) had until very recently been storing its records of sexual harassment complaints and settlements on an insecure server operated by a contractor. In a blistering letter to the OOC written back in February, Sen. Ron Wyden (D-Ore.) noted that the server had never undergone a cybersecurity audit, and charged that the office had failed to implement even “rudimentary defensive network-security best practices.”
Wyden’s focus in his letter was, understandably, on the threat this posed to anonymity of those who register complaints about workplace harassment. But at a time when “kompromat” has become a commonplace part of our political lexicon, many readers will naturally think of a very different sort of risk: For the most sophisticated network infiltrators, employed by foreign intelligence agencies, the real appeal of such data would be its potential for selectively embarrassing, or exercising leverage over, members of Congress and their senior staffers.