The suspected Chinese hackers have once again managed to break into the United State government’s personnel management agency, leaving more than 22 million government employee personal records compromised, U.S. officials disclosed on Thursday.
Twenty-two million is a huge figure! Last month, the Office of Personnel Management (OPM) announced that the data of more than 4 million existing and former federal agency workers was stolen, following with the second attack on 14 million US Federal and Military Personnel. But now the current figure is more than five times bigger than what was announced last month, which according to OPM was a “separate but related” hacking incident.
Both cyber breaches, in total, compromised the personal records of more than 22 million people which equals to nearly 7 percent of the United States population.
“If an individual underwent a background investigation through OPM in 2000 or afterwards […] it is highly likely that the individual is impacted by this cyber breach.” – OPM’s statement
According to OPM, the figure includes 19.7 million candidates who applied for security authorizations – including current, former, and prospective employees, had their Social Security numbers as well as other personal data stolen. Apart from that, 1.8 million non-applicants – including relatives and other acquaintances also had sensitive information stolen.
Due to the high numbers and the sensitivity of the stolen information, this cyberattack has been considered as one of the most harmful attack, and the U.S. lawmakers have labelled this event as a significant threat to national security. In fact, the hackers apparently searched through innumerable OPM databases for more than a year – which included files associated with employee’s family information.
After observing this historic hacking incident, lawmakers demanded the elimination of OPM Director Katherine Archuleta. House of Representatives Speaker John Boehner said President Obama needs to take a strong stance contrary to “incompetence in his administration and instill new leadership at OPM.”
Mark Warner, Virginia Democratic Senator said:
“The technological and security failures at the Office of Personnel Management predate this director’s term, but Director Archuleta’s slow and uneven response has not inspired confidence that she is the right person to manage OPM through this crisis.”
In respond to these allegations, Archuleta told reporters during a press conference call that neither she nor OPM Chief Information Officer Donna Seymour would be leaving. She further added “I am committed to the work that I am doing at OPM, […] I have trust in the staff that is there.”
U.S. President Mr. Barrack Obama retains confidence in Archuleta, says the White House.
Role of Chinese Hackers
The U.S. based analysts have recognised China as the prominent suspect in these massive hacking attempts on the United States government agency, on which the Foreign Ministry of China stated it as “absurd logic,” treating the assertion as unworthy of serious consideration.
During a press conference with reporters, Michael Daniel, White House National Security Council official, said “we’re not really prepared to comment at this time on the attribution behind this event.”
“At this point the investigation into the attribution of this event is still ongoing and we are exploring all of the different options that we have,” said Daniel, special assistant to the president and cybersecurity coordinator at the National Security Council.
Adam Schiff, one of the top Democrat on the House of Representatives Intelligence Committee, said “Rather than simply place blame on the hackers, we need to acknowledge our own culpability in failing to adequately protect so obvious a target.”
The Breached Personal Data
The United States law enforcement officials and intelligence are mainly concerned about the stealing of SF-86s forms, which is submitted for security clearance. This form requires the candidates to provide not only their own personal information but also friends, relatives and other overseas contacts. Apart from that, the applicants also need to provide details about their financial and mental health history as well as all personal relationships.
The red dragon denies hacking accusations
OPM investigations concluded that the breached personal data of personnel includes 1.1 million fingerprints, Social Security numbers, residential history, employment history, educational history, health records, financial records, criminal records as well as information about family members and other acquaintances.
Such information could be abused to pressurise U.S. officials and personnel into further breaching the agencies, or it could also be used by hackers to target non-government officials.
In a statement, OPM said, “Throughout this investigation, OPM has been committed to providing information in a timely, transparent and accurate manner.”
Further in their statement, the agency added that their investigation had found no evidence at the moment which will suggest misuse or further distribution of the stolen personal information. Since after the revelation of these security breaches, it has become an alarming situation for the millions of affected Americans.
Due to the breach, the OPM online SF-86s form submission system known as “e-QIP” has been suspended by the U.S. investigations officials.
Report typos and corrections to firstname.lastname@example.org