OPM Hackers Stole Data on Every Federal Employee

The breach compromised the personal information of millions of government workers.

National Journal
Dustin Volz
June 11, 2015, 12:54 p.m.

The hack­ers who in­filt­rated the Of­fice of Per­son­nel Man­age­ment last year swiped the per­son­al in­form­a­tion of every fed­er­al em­ploy­ee work­ing in gov­ern­ment, a num­ber po­ten­tially far great­er than the 4 mil­lion pre­vi­ously re­por­ted, ac­cord­ing to a labor uni­on of gov­ern­ment work­ers.

In a let­ter sent to OPM dir­ect­or Kath­er­ine Archu­leta and ob­tained by Na­tion­al Journ­al, Amer­ic­an Fed­er­a­tion of Gov­ern­ment Em­ploy­ees Pres­id­ent J. Dav­id Cox wrote that the hack­ers stole So­cial Se­cur­ity num­bers, birth­days, ad­dresses, mil­it­ary re­cords, job and pay his­tor­ies, and vari­ous in­sur­ance in­form­a­tion, in ad­di­tion to age, gender, and race data.

“Based on the sketchy data OPM has provided, we be­lieve that the Cent­ral Per­son­nel Data File was the tar­geted data­base, and that the hack­ers are now in pos­ses­sion of all per­son­nel data for every fed­er­al em­ploy­ee, every fed­er­al re­tir­ee, and up to one mil­lion former fed­er­al em­ploy­ees,” Cox wrote in a let­ter dated Thursday.

(RE­LATED: Point­ing Fin­gers at Mc­Con­nell, Sen­at­ors Stall Cy­ber­se­cur­ity Bill)

“Worst, we be­lieve that So­cial Se­cur­ity num­bers were not en­cryp­ted, a cy­ber­se­cur­ity fail­ure that is ab­so­lutely in­defens­ible and out­rageous,” he ad­ded.

Cox said that the 18 months of cred­it mon­it­or­ing and $1 mil­lion in li­ab­il­ity in­sur­ance that OPM has offered af­fected em­ploy­ees is “en­tirely in­ad­equate, either as com­pens­a­tion or pro­tec­tion from harm.”

Last week, fed­er­al of­fi­cials an­nounced that data for as many as 4 mil­lion former and cur­rent fed­er­al em­ploy­ees had been ex­posed. The breach oc­curred in Decem­ber and was de­tec­ted in April, of­fi­cials said, and many have at­trib­uted the in­tru­sion to China. That hack was already con­sidered one of the largest and most dev­ast­at­ing on re­cord. After the breach was an­nounced, OPM signed a $20 mil­lion con­tract with a private cy­ber­se­cur­ity com­pany to provide iden­tity-fraud pro­tec­tion ser­vices for af­fected em­ploy­ees.

(RE­LATED: Syr­i­an Elec­tron­ic Army Claims Hack of Army Web­site)

Of­fi­cials did not im­me­di­ately re­spond to a re­quest for com­ment.

Earli­er on Thursday, the Sen­ate re­jec­ted a push by Ma­jor­ity Lead­er Mitch Mc­Con­nell to al­low a cy­ber­se­cur­ity meas­ure to be ad­ded as an amend­ment in an on­go­ing de­bate over the Na­tion­al De­fense Au­thor­iz­a­tion Act. Mc­Con­nell had tried to use news of the OPM hack to jam the bi­par­tis­an meas­ure through, but Demo­crats — in­clud­ing some of the bill’s sup­port­ers — ar­gued that such im­port­ant le­gis­la­tion was de­serving of fuller de­bate.

{{third­PartyEmbed type:scribd id:268412148}}

This story has been up­dated.

Brendan Sasso contributed to this article.
What We're Following See More »
Government Buying $20 Million in Cheese
1 hours ago

Thanks to competition from Europe, America's cheese stockpiles are at a 30-year high. Enter the U.S. government, which announced it's buying 11 million pounds of the stuff (about $20 million). The cheese will be donated to food banks.

Clinton to Receive Classified Briefing on Saturday
3 hours ago
Judge: Freddie Mac Doesn’t Have to Open Its Books
5 hours ago

"Freddie Mac shareholders cannot force the mortgage finance company to allow them to inspect its records, a federal court ruled Tuesday." A shareholder had asked the United States District Court for the Eastern District of Virginia to allow him to inspect its books and records, as Virginia law allows him to do. "The court held that Freddie shareholders no longer possess a right to inspect the company’s records because those rights had been transferred to the Federal Housing Finance Agency when the company entered into conservatorship in 2008."

Pentagon Can’t Account for 750k Guns Provided to Iraq, Afghanistan
5 hours ago

The Pentagon has "provided more than 1.45 million firearms to various security forces in Afghanistan and Iraq, including more than 978,000 assault rifles, 266,000 pistols and almost 112,000 machine guns." Trouble is, it can only account for about 700,000 of those guns. The rest are part of a vast arms trading network in the Middle East. "Taken together, the weapons were part of a vast and sometimes minimally supervised flow of arms from a superpower to armies and militias often compromised by poor training, desertion, corruption and patterns of human rights abuses."

Baltimore Is Spying on Its Residents from the Air
7 hours ago

"Since the beginning of the year, the Baltimore Police Department" has been using a Cessna airplane armed with sophisticated camera equipment "to investigate all sorts of crimes, from property thefts to shootings." The public hasn't been notified about the system, funded by a private citizen.