Massive breach of US Govt workers’ personal data

June 5th 2015

The US Government is assessing the impact of a massive data breach at the Office of Personnel Management (OPM) – the agency that screens and hires federal workers and approves security clearances for 90% of the federal government. Governement officials are saying that the breach originated in China, but the Chinese Government is denying any involvement.

For Get Safe Online's information and advice for organisations on information security, click here.

The investigation is being led by the FBI following the discovery of the breach by the OPM in April. OPM said it was working with the agency and CERT — the Department of Homeland Security's Computer Emergency Readiness Team — "to determine the full impact to federal personnel." Officials have said that so far it is not thought that the "worst-case scenario" has occurred – the compromise and disclosure of the identities of covert CIA agents.

The breach, which has compromised the personal details of up to four million current and ex government employees, exploited a 'zero day' vulnerability (one that was previously unknown). It could be the biggest cyberattack in US history, potentially affecting every agency of the administration. 

The employees will be sent notices next week that their personal information, which includes names, dates of birth and social security numbers, may have been hacked. 

Speaking to NBC News, Republican Senator for Maine Susan Collins, a member of the Senate Intelligence Committee, said: "The ramifications are very serious. Potentially four million former and current federal employees have had their information compromised, and because OPM is the agencies that holds security clearances, that's giving a potential enemy like China very valuable information."

Zhu Haiquan, speaking for the Chinese Embassy in Washington DC, denied that China was involved, telling NBC News that "Chinese laws prohibit cyber-crimes of all forms. Jumping to conclusions and making hypothetical accusations is not responsible and counterproductive.".

Every current of formerly employee receiving a notice will be provided with government assistance with credit reports and identity theft insurance, the OPM says. . The Federal Trade Commission (FTC) posted guidance last evening for anyone suspecting their data may have been compromised.

Senator Collins went on to say: "If a foreign country can invade OPM, apparently pretty easily, and steal the data of 4 million federal employees, just think what a determined adversary could do to our critical infrastructure," Collins said. "They could cause widespread death and destruction, and that's what I'm most worried about. We should have passed a bill years ago, and I don't know how many more breaches our country has to witness before we finally pass a tough cybersecurity law."

Senator Adam Schiff is the senior Democrat on the House Intelligence Committee. He said "(It is) most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses. It's clear that a substantial improvement in our cyber-databases and defenses is perilously overdue."

Republican Senator Richard Burr, Chairman of the Senate Intelligence Committee, agree: "We cannot continue to lookin  the other direction. Our response to these attacks can no longer simply be notifying people after their personal information has been stolen. We must start to prevent these breaches in the first place."




By Get Safe Online

Written by

In partnership with