The agency said there's no evidence the system was hacked. It discovered the vulnerability during an ongoing review of its IT systems, it said, which is being carried out in the wake of at least two serious security breaches.
Still, it's a big inconvenience. The system, called E-QIP, is used by multiple agencies to carry out background checks on potential new hires, and it will be offline for four to six weeks, the OPM said.
"The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited," the agency said, calling the decision to take E-QIP offline a proactive measure to ensure 'the ongoing security of its network."
The OPM has been hit by at least two major breaches. One, reported earlier this month, is feared to have resulted in the theft of personnel records of millions of current and former government employees.
A second breach was apparently carried out by hackers with connections to China and targeted a database containing copies of a 120-page questionnaire that's used by people seeking a national security clearance.
The Chinese government has denied the accusations.
The OPM essentially serves as the government's human resources department and handles functions like hiring and retaining staff and running background checks.