Over 22 Million Exposed in Largest Hack in US History

Data Breach

by
July 10, 2015

The personal data of more than 21.5 million Americans has been hacked and stolen in a new breach, the Office of Personnel Management (OPM) announced on Thursday.

That’s more than five times the 4.2 million stolen files announced on June 4 involving a different breach of federal records. 3.6 million people were affected by both events, OPM said, bringing the total number of individuals affected by the pair of hacks to 22.1 million.

The recent breach mostly involved individuals who were required to submit to government background checks and security clearances. Some relatives of those individuals were also affected.

“If an individual underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that the individual is impacted by this cyber breach,” OPM said.

Unlike the breach announced on June 4, which mostly involved the unauthorized access of social security numbers, addresses, and birthdates, the hack announced on Thursday apparently involved much larger amounts of information.

Specifically, the breach targeted data collected on so-called SF-86 forms, documents used for conducting government background checks. The comprehensive 127 page forms include information obtained from applicants’ neighbors, friends, and family, as well as data on applicants’ drug and criminal history, finances, relationships, and sexual orientation. In this case, at least 1.1 million fingerprints were also stolen.

China is believed to be behind the attacks, although their motivation is currently not clear. The information could be used for a number of purposes.

Some have speculated that the Chinese could use the data against foreign diplomats, or that China could use the information to blackmail or punish its own nationals having unauthorized contact with the U.S. government. The Chinese government has so far denied involvement.

OPM has been scrambling to manage the situation. Several agencies and administrators have said they will work to put new programs and protocols in place to enhance the nation’s cyber-security.

OPM, meanwhile, announced that it had set up a call center and web site to respond to questions by those who may have been affected. It has also set up ID theft monitoring services for people whose data was breached.

Many people, however, feel as though this is not enough. They’ve criticized OPM for not discovering and announcing the breach sooner, and for not doing more to safeguard its personnel records.

A growing number of politicians called for OPM Director Katherine Archuleta to resign.

Congresswoman Barbara Comstock, whose information was also hacked, said, “It goes to the top …This is a failure of leadership on her part… I think she should step aside.”

In response to the overwhelming pressure, Archuleta has officially resigned.

“I truly understand the impact this has on our current and former employees, our military personnel and our contractors,” she told reporters Thursday. “Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust,” she added.

The Obama administration has stood by Archuleta so far.

In any case, millions of individuals are now left wondering whether and how their information may be used against them.

 

Facebooktwitterredditpinterestlinkedinmail