22.1 Million People Compromised in Hack of Government Personnel Data

(New York magazine) Last month we learned that hackers stole the personal data of at least 4 million current and former government workers, and a few days later it was reported that every federal employee might be affected. Now that number has expanded to include people who merely know someone who tried to work for the federal government in the past 15 years.

Following a forensic investigation of two cyberattacks in 2014, the Office of Personnel Management announced on Thursday that hackers accessed their files on least 22.1 million people — which is about 7 percent of the U.S. populationaccording to Business Insider. That includes information from 19.7 million people who applied for background checks, 1.8 million non-applicants (mainly applicants’ family members), and 4.2 million federal employees (about 3.6 million people were in both of the compromised systems).

Initially, the federal government suggested files of those seeking security clearances had not been compromised, but now OPM says the breach includes basically everything you could want to know about a person:

Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as:

  • Social Security Numbers
  • residency
  • educational history
  • employment history
  • information about immediate family
  • information about other personal and business acquaintances
  • health, criminal and financial history
  • and other details.

Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

“It is a very big deal from a national security perspective and from a counterintelligence perspective,” FBI director James Comey told reporters on Thursday. He said he believes hackers have his Standard Form 86, which all applicants for security clearances are required to fill out. “If you have my SF 86, you know every place I’ve lived since I was 18, contact people at those addresses, neighbors at those addresses, all of my family, every place I’ve traveled outside the United States,” he said. “Just imagine if you were a foreign intelligence service and you had that data.”

The same party is believed to be responsible for both hacks, and Andy Ozment, a cybersecurity official at Homeland Security, said both times they gained access to the system “via a compromised credential of a contractor.” . . . . (more)

 

Hacks of OPM databases compromised 22.1 million people (Washington Post)

Two major breaches last year of U.S. government databases holding personnel records and security-clearance files exposed sensitive information about at least 22.1 million people, including not only federal employees and contractors but their families and friends, U.S. officials said Thursday.

The total vastly exceeds all previous estimates, and marks the most detailed accounting by the Office of Personnel Management of how many people were affected by cyber intrusions that U.S. officials have privately said were traced to the Chinese government.

But even beyond the rising number of apparent victims, U.S. officials said the breaches rank among the most potentially damaging cyber heists in U.S. government history because of the abundant detail in the files. Officials said hackers accessed not only personnel records of current and former employees but also extensive information about friends, relatives and others listed as references in applications for security clearances for some of the most sensitive jobs in government.

“It is a very big deal from a national security perspective and from a counterintelligence perspective,” FBI Director James B. Comey said at a meeting with reporters Thursday at the FBI headquarters. “It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government.”

Other U.S. officials said that a foreign intelligence service could use the information to identify U.S. intelligence operatives, and that China is suspected of stealing large amounts of data on Americans as part of a “strategic plan” to increase its intelligence collection. . . .

. . . The hackers’ access was so extensive that U.S. officials said they think it is “highly likely” that every file associated with an OPM-managed security clearance application since 2000 was exposed. Background checks before that time were less likely to be affected, officials said. . . .

. . .  Those responsible for the hack appear to have had access to OPM records for months. U.S. officials said the theft of security-clearance data took place over a six-month stretch that ended in January. The personnel records were stolen from October to April.

The breach of personnel records was discovered in April as a result of new cybersecurity tools OPM had installed, said Andy Ozment, the Department of Homeland Security’s assistant secretary for cybersecurity.

Officials said the thieves broke in by using stolen contractor logins and passwords. . . .(more)

 

OPM Announces Steps to Protect Federal Workers and Others From Cyber Threats (OPM)

Today, the U.S. Office of Personnel Management (OPM) announced the results of the interagency forensics investigation into a recent cyber incident involving Federal background investigation data and the steps it is taking to protect those impacted.  Throughout this investigation, OPM has been committed to providing information in a timely, transparent and accurate manner.  As information has become available and verifiable, the agency has updated Congress, the Inspector General, Federal employee representatives, and – most importantly – those that are affected.  Today’s announcement is the latest in this series of updates, and OPM will continue to provide additional information going forward.

Background on the intrusion into OPM’s systems.  Since the end of 2013, OPM has undertaken an aggressive effort to upgrade the agency’s cybersecurity posture, adding numerous tools and capabilities to its various legacy networks.  As a direct result of these steps, OPM was able to identify two separate but related cybersecurity incidents on its systems.

Today, OPM announced the results of the interagency forensic investigation into the second incident.  As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors.  Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details.  Some records also include findings from interviews conducted by background investigators and fingerprints.  Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees.  OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen.  This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.

Analysis of background investigation incident.  Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected.  The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.  This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.  As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints.  There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.

If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

Assistance for impacted individuals.  OPM is also announcing the steps it is taking to protect those impacted: . . . (read more)

More DICE Posts