Massive hack attack on feds compromised background-check info for 21.5M people
Image from Shutterstock.
In a cyber intrusion described by the head of the FBI as “enormous,” hackers penetrated federal background-check databases to obtain access to confidential material, including social security numbers, for 21.5 million individuals, the Office of Personnel Management announced Thursday.
Most of those affected, some 19.7 million people, had sought security clearances, reports Reuters. The other 1.8 million people affected had not applied for a security clearance but were spouses, co-habitants or otherwise linked to those who had.
Fingerprints for more than one million people, as well as usernames and passwords included on application forms for an unknown number of individuals, were in the hacked files, reports the National Journal.
OPM says material available to the hackers, concerning an unstated number of people, also included “residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history;” and other information.
“If an individual underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that the individual is impacted by this cyber breach,” OPM said in a Thursday written statement provided to the media.
Although who is responsible for the attack hasn’t been made public, a foreign intelligence service could use such information for purposes including counterintelligence or simply to find out who, in foreign countries, has had contact with American officials, reports the Wall Street Journal (sub. req.).
“Just imagine if you were a foreign intelligence service and you had that data, how it might be useful,” said FBI Director James Comey in a Thursday news conference.
He declined to detail what is being done in response to the hack attack, but said “obviously this is the subject of a lot of conversation and work in the U.S. government.”
Many of the files that were accessed contained information that was not encrypted, Reuters reports.
In another incident which may involve a significant amount of overlap as far as those victimized are concerned, OPM announced last month that sensitive personnel records for some 4 million current and former federal employees had been stolen in a December intrusion.
It isn’t clear from news accounts exactly when the database infiltration announced today by OPM began and ended.
Related coverage:
ABAJournal.com: “Hackers may have accessed records of 4 million federal workers; was China responsible?”
ABC News: “FBI Director ‘Sure’ Foreign Hackers Have His Personal Data”
Washington Times: “James Comey, FBI chief, says his own info was hacked in OPM breach; it was ‘enormous’”
.jpg)
