More details continue to emerge about the cyber attack and data breach disclosed last week at the U.S. federal government’s Office of Personnel Management (OPM), and those details continue to get worse. While original reports indicated that 4 million federal employees’ data was stolen, a letter to the OPM director penned by the president of the American Federation of Government Employees, a union representing federal employees, indicates that the breach affects all current federal employees, every federal retiree, and up to one million former federal employees. Further, the letter asserts that social security numbers and other forms of sensitive information were stored unencrypted.
When disclosing the breach, OPM originally said that it was discovered while the agency was updating its cybersecurity capabilities. Now, The Wall Street Journal is reporting that people familiar with the investigation say that it was actually discovered during a sales pitch. A Virginia-based company was demonstrating its cybersecurity platform by running a network study that discovered the offending malware embedded in the network. One at least hopes that they made the sale.
In response, the Obama administration has enlisted the help of intelligence agencies, the FBI, and the Department of Homeland Security to assess the damage and determine the appropriate response. It appears that the attackers were present on the network for a year or more, giving them ample time to collect massive quantities of data. It’s not unheard of for US intelligence agencies to infiltrate the servers used in an intrusion to alter or destroy the stolen data, but the technical challenge of finding those servers and the massive scale of this breach make that option difficult to exercise here.
Several lawmakers briefed on the breach have said that China is the prime suspect, but the Chinese government has vehemently denied this charge. Some security experts have linked this breach with a few other recent breaches. They assert that the attackers are interested more in the intelligence value of the stolen data than its price on the black market to be used for identity theft. The theory is that the Chinese are building a database of all US government employees. The stolen data may contain background checks on individuals seeking security clearances, a trove of sensitive information that could be used to recruit informants or for blackmail.
There are several investigations underway on the breach and more details are certain to come to light. Regardless, this appears to be one of the largest data breaches in US government history.