The Office of Personnel Management revealed that millions of federal employees had their personal information comprised by a major hacking operation.
In a statement today, OPM said they “recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former Federal employees.”
“Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls.”
After the hack was revealed, OPM said they got together with Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation “to determine the impact to Federal personnel.”
From June 8 to June 19 OPM will be sending notifications “to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident.” Those affected will be offered a free 18-month credit monitoring membership.
Sen. Susan Collins (R-Maine), a member of the Senate intelligence committee, told the Associated Press that fingers are pointing to China.
Collins called the hack “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
“Today’s news that United States government systems were again breached demonstrates that cybersecurity must be one of our top priorities,” Intelligence Committee Chairman Richard Burr (R-N.C.) said in a statement. “Every day, these attacks are getting more technically advanced and now another agency has been compromised. We cannot continue to look the other direction.”
“Our response to these attacks can no longer simply be notifying people after their personal information has been stolen; we must start to prevent these breaches in the first place.”
Sen. Lindsey Graham (R-S.C.) said he fears the massive data breach “may turn out to be yet another example of America being walked over by rivals and adversaries.”
“The Obama administration’s failures in foreign policy and national security continue to pile up yet they do nothing to change course,” Graham said. “I fear a cyber ‘Pearl Harbor’ is increasingly more likely if we do not invest in the necessary infrastructure to protect our nation.”
The Chinese hacked the OPM in July 2014, too.
The Washington Post reported that “U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.”
“The intruders gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. No direct-
deposit data was exposed, officials said. They could not say for certain what data was taken, only what the hackers gained access to… The personal information exposed could be useful in crafting ‘spear-phishing’ e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.”