More Than 21 Million Workers Affected by Breaches of OPM Networks
Hackers behind cybersecurity attacks on the U.S. federal government through the Office of Personnel Management (OPM) pilfered personal information from a much more significant number of current and former employees than previously reported.
Thursday, investigators reported two breaches occurred, with data stolen from 21.5 million workers, far more than the 4 million officials originally disclosed in June.
Hackers managed to breach the computer systems of the OPM, stealing data including Social Security numbers, birth dates, home addresses, job assignments, performance reviews, insurance details and training certificates.
While probing the original breach, investigators found additional information was compromised from sensitive background investigation records. The number includes 19.7 million individuals who applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants, according to OPM officials.
Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints, OPM reported. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.
OPM cautions current and former employees who underwent background checks in 2000 and later might have had their personal information stolen from completed forms SF-86, SF-85 or SF-85P for either a new investigation or a reinvestigation. Those who completed the forms before 2000 might still be impacted, but the chances are more remote, the agency reported.
The hacker broke into the network in May 2014 using a contractor’s credentials.
OPM will provide credit monitoring and identity theft protection services to the 21.5 million individuals for 18 months.
The significant breach appears to be the work of nation-state attackers hoping to glean critical information about federal workers, experts have said. The breach was reportedly carried out by hackers backed by the Chinese government.