Chinese Stole Personal Details of 7% of Americans in OPM Hacks

Tuesday, July 14, 2015
Katherine Archuleta testifying before Senate committee on OPM data breach in June (photo: Chip Somodevilla, Getty Images)

China’s infiltration of a major U.S. government computer system has been determined to be much more widespread than originally believed. Personal information on more than 22 million Americans, or 7% of the U.S. population, was stolen in the breach, making it the largest cyber theft of federal government data to date.

 

The hacking attack on the computer network maintained by the Office of Personnel Management (OPM) resulted in the massive theft of names, addresses, Social Security numbers, health histories, financial data and other private information of Americans.

 

China has yet to be officially named as the culprit, but that’s where fingers are pointing. The potential use of the stolen data would likely be for political leverage, cybersecurity consultant Paul Rosenzweig told ThinkProgress. “This is the mother lode of social network analysis,” he said. “The key is figuring out who influences whom. If you know somebody who knows (Senate Minority Leader) Harry Reid (D-Nevada), and you’re two degrees of separation from him: That’s what you need. This is a map of that.”

 

Rosenzweig holds a top government security clearance and was himself affected by the breach. “It’s everything,” he said of the data that was stolen. “Everywhere I’ve lived for the last 10 years, where I went to school, every job I ever had, my 10 closest friends and coworkers — supervisor included — and their information. It’s an in-depth biographical.”

 

That information on so many millions of government employees will allow the hackers to determine who works for U.S. intelligence agencies, where they are located in the world, and even what operations they are working on, explained Rosenzweig. “Short of real-time intelligence of U.S. activities, this is the intelligence equivalent of the discovery of the nuclear bomb,” he said. The data breach “really suggests that we should take the entire government offline” and offer “complete amnesty to anyone who is approached by the Chinese and comes forward.”

 

That the private data of such a large segment of the population was stolen left the government reeling and trying to figure out how exactly to respond.

 

The initial reaction was to take aim at the director of OPM, Katherine Archuleta, who was reportedly pressured to turn in her resignation within 24 hours of disclosure of the news. She did so Friday morning, but while some lawmakers called it long overdue, others saw it as a superficial action.

 

“[She] may play the sacrificial lamb and lose her job,” Sen. Ben Sasse (R-Nebraska) wrote at Wired. “This will be a transparent attempt to con the public into thinking the problem is solved. At best, firings are consequences, not solutions.”

 

“I don’t think we can expect that a change of a single person can be a satisfactory answer to the problems at OPM,” Rep. Adam Schiff (D-California) told The New York Times. “Every other agency should have its head examined if it’s not taking steps to protect its data. Because if there’s a problem at one agency, there’s likely a problem at other agencies.”

 

Rep. Jason Chaffetz (R-Utah) claimed that Archuleta and her aides had “consciously ignored the warnings” of a potential hacking assault. “Such incompetence is inexcusable,” he said in a statement.

 

It had first been revealed that Chinese hackers broke into the OPM network in April and stole the personal data for 4.2 million current and former federal workers. It was then disclosed that in late May, a second cyber-attack on the agency’s network, also originating from China, had compromised the personal data of 21.5 million people.

 

In all, 22.1 million Americans were affected, which includes 19.7 million people who had applied for a background investigation, and 1.8 million people who were spouses or partners of applicants, according to the Digital Forensic Investigator (DFI). It was also reported that those who had undergone a federal background investigation through OPM in 2000 or thereafter would have a greater chance of being impacted than those who had done so earlier.

-Danny Biederman

 

To Learn More:

7% of Americans Hit by OPM Breaches (by Ernie Austin, Digital Forensic Investigator)

What China Can Do With The Data It Stole From 21.5 Million Americans (by Lauren Williams, ThinkProgress)

OPM Announces Steps to Protect Federal Workers and Others From Cyber Threats (Office of Personnel Management)

Cable and Network Television Just Not That Interested in the OPM Hack (by T. Becket Adams, Washington Examiner)

Is the Chinese Hacking of U.S. Government Employees’ Data Really any Different than What the U.S. Does to China? (by Noel Brinkerhoff, AllGov)

Comments

C. David Buchanan 9 years ago
Make known your requirement of Lifetime Credit Monitoring for those with breached Personnel Identification Data (PID). - The White House provides the means and says they want to know you care. https://petitions.whitehouse.gov/petition/provide-lifetime-identity-protection-federal-employees-who-were-victimized-breach-opm

Leave a comment