Federal Hack ID Theft Now At 22 Million

WASHIGTON DC – The federal

government announced Thursday that the total number of people affected by

cyberattacks on the US government’s personnel office was more than 22 million.

The agency said 21.5 million Social Security numbers were stolen from

one source and 4.2 million from another. Both attacks were announced in June.

Some people were hit with a double

whammy, having their information compromised in both breaches, leading to the

government’s total figure of 22.1 million stolen Social Security numbers.

The breadth of the attack exceeds

some of the worst estimates that government officials and security experts had

shot around in the past month, showing that the government’s databases were an

unsecured stockpile of valuable information when the attack occurred. It’s the

largest blemish on the government’s record of controlling its systems, and

follows a string of attacks that includes the hacking of the CIA’s public

website, the interception of White House emails and the breach of a military

Twitter account. A previous attack blamed on China attempted to intercept

information on federal employees with top secret security clearance in March

2014, according to The New York Times.

FBI Director James Comey purportedly

estimated that 18 million people were affected by the attacks on OPM databases,

according to CNN, which prompted US Congressman Jason Chaffetz (R-Utah)

to grill Office of Personnel Management Director Katherine Archuleta on the

total number at a congressional hearing in late June. Archuleta declined to

give a number at the time, saying the agency was still sorting out how many

people’s Social Security numbers were in the forms.

Attackers lifted the 21.5 million

Social Security numbers from stolen background check documents. About 1.8

million of the people caught up in the hack were married to or lived with the

applicants seeking a security clearance, the Office of Personnel Management

announced Thursday.

And it got even more invasive than

that.

“As noted above, some records

also include findings from interviews conducted by background investigators and

approximately 1.1 million include fingerprints,” the agency said in its

press release.

The two database breaches were

“related,” an OPM spokesman said, and added that the FBI is still

determining who was responsible for hacking the background-check documents. The

first hack has been tied by some in the federal government to Chinese hackers,

but few further details have emerged.

The OPM press release also detailed

the assistance the government will provide those affected, including credit and

fraud monitoring, identity theft insurance and “full service identity

restoration support and victim recovery assistance.” The OPM spokesman

said the agency was still contracting these services out and did not have an

estimate of how much it would cost taxpayers.

Unions representing the federal

employees have criticized the amount of information and assistance provided by

OPM. Two unions have sued the federal government on behalf of their members,

and before the agency announced the second, larger hack, the American

Federation of Government Employees accused the government of downplaying the

number of people affected and the extent of the compromised records.

“There is no information at

this time to suggest any misuse or further dissemination of the information

that was stolen from OPM’s systems,” the agency’s release said. But the

impact of the lost information will be impossible to guess, security experts

said.

“While we haven’t seen the

personal information being used yet, this is to be expected,” said Chris

Wysopal, a security expert at Veracode, a company that checks source code used

in 90 percent of software applications for known flaws. “It’s rare that

information that can be used for blackmail or as precursor information for phishing

attacks would be seen being used.”

In fact, Wysopal said, that we

haven’t seen the hackers tip their hand and identify themselves by using the

data shows their level of sophistication.

“I was just talking to a

federal officer last week,” said Stephen Coty, an executive at Alert Logic

and security researcher. “He knows his information’s in there, and so are

all his colleagues.” Indeed, Comey – the FBI director – told National

Journal reporters that he knows his information was compromised in the hack.

The breach of data on federal

agents, including extremely personal background-check interviews, at the FBI

and beyond gives hackers tools for blackmail and espionage, Coty said.

This story was published by CNET.Com. To subscribe, click onwww.cnet.com

Federal Hack ID Theft Now At 22 Million

Federal Hack ID Theft Now At 22 Million

Share This Story, Choose Your Platform!

About the Author: michtech

Related Posts

Travel Smart with OPPO A3: The Ultimate Companion for Long-Distance Adventures

Report: Four Tic-Tac UFOs Surface In Pacific Ocean

Blockchain Transparency Or Revolutionizing Online Casino Game Fairness Through On-Chain Audit Logs

9 Best “Give $20, Get $20” Referral Program Examples in 2025

The Growing Demand For Privacy And Accessibility In Modern Browsers

4 Side Hustles That Fit Into Any Schedule