#OPMHack: Agency Admits 25.7 Million Affected
#OPMHack: Agency Admits 25.7 Million Affected
July 10, 2015
The Office of Personnel Management’s cyber sinkhole is getting deeper. It has been confirmed that 25.7 million people have been affected by several data hacks.
To put it bluntly. The OPM data hack isn’t just big, it is terrifyingly huge.
Hackers who broke into the U.S. Office of Personnel Management’s computer network stole 19.7 million background investigation forms and 1.1 million fingerprint records, the agency disclosed Thursday, a sharp escalation in the government’s assessment of the damage caused by the hack.
The agency said hackers likely stole every single background investigation form completed since 2000 and some completed prior to that time.
Think about it. Hackers have stolen every bit of data on ALL background checks that have been conducted since the year 2000. That includes fingerprints, references and more. Don’t forget to add the additional 1.8 million Social Security numbers that the hackers have had access to since late 2013. To put this data breach into numbers perspective, check this out:
— Elliot Waldman (@waldmane) July 9, 2015
25 million is the number that the OPM KNOWS was hacked. Logic tells us that there are many more who are at risk. Representative Adam Schiff (D-CA) said it perfectly in the statement he issued just after the scope of the breach was made public:
“Today’s announcement by the Office of Personnel Management makes public the appalling severity of these cyber intrusions. Rather than simply place blame on the hackers, we need to acknowledge our own culpability in failing to adequately protect so obvious a target. Plainly, we need to do so much more to safeguard our networks, especially those which hold the most sensitive details about Government employees, many of whom are entrusted with critical national security missions. Addressing this problem must begin by acknowledging that it is our responsibility to protect our people, their most personal information, and their privacy.
“In addition, I have been deeply disturbed by the information Members of the Intelligence Committee received from OPM since the disclosure of these hacks. I do not believe OPM was fully candid in its original briefing to the committee and omitted key information about two distinct hacks and the breadth of the potential compromise. To the degree OPM has not been fully forthcoming with Congress or has sought to blame others for a lack of its own inadequate security, OPM has not inspired confidence in its ability to safeguard our networks and most sensitive databases.”
Many current and former government employees recognized the severity of the issue. We wrote about the concerns expressed by the Government Employees Union here. There have been plenty on both sides of the aisle who are justifiably angry about this breach and are searching for answers. However, when those who SHOULD have the answers refuse to resign or shrug their shoulders and whine “I don’t know….”
— Omri Ceren (@omriceren) July 9, 2015
We knew and stated on June 25th that this was going to be huge. We said then that about 32 million would be affected. Unfortunately, I don’t think we’ll be far off the mark, and that should not only anger us but terrify us as well. Americans are slated to be the dubious beneficiaries of dangerous incompetence. I’ll ask bluntly, why the hell did the OPM continue to leave all the barn doors wide open??!! Katherine Archuleta has a lot of explaining to do, and it certainly won’t be a time of fun and games.
Yesterday afternoon she attempted to reassure everyone that she “understands” the concerns about this data breach:
“I truly understand the imapct this has on our current and former federal employees, our miltiary personnel and our contractors,” said OPM Director Katherine Archuleta, in a conference call with reporters.
Oh yeah, that’s going to help. Does she really understand what our country is facing? Evidently not since she refused to meet with the FBI during the course of the investigation, and is again refusing to step down and let others come in and fix this debacle.
— Aaron Boyd (@Federal_IT) July 9, 2015
This isn’t just a matter of sending notifications out sometime in the next few weeks directing current & former government employees to change his/her passwords, credit cards, or bank accounts. All the credit monitoring & identity theft services won’t fix what has already been stolen over the course of the last two years. Furthermore, the fact that hackers have been combing through all the data for MONTHS should terrify us all. Like it or not, this situation has major significant national security implications.
If a foreign intelligence service stole records of 20 million U.S. officials, it could use the information for blackmail, counterintelligence or to determine the foreign contacts of U.S. officials.
“Just imagine if you were a foreign intelligence service and you had that data, how it might be useful,” FBI Director James Comey told reporters on Thursday.
I agree with Senator Ben Sasse (R-NE) when he points out that the potential for blackmail and danger to our families, friends, and our country should chill you to the bone. What happened wasn’t just one breach, but several; and a 15 point fixit plan won’t cut it.
25 million plus Americans have been placed at risk because an agency kept their heads in the sand for years and NEVER took cyber security seriously. Can we stop this train before it dives off the cliff? I honestly don’t know. What I do know is that the OPM should immediately stand down and let professionals from around the IT industry work as fast as they can to slam shut every single barn door before the barn itself collapses.
Become a Victory Girl!
Follow Us On Twitter!