Millions more of Americans hit by government personnel data hack

Saturday, 11 July 2015 00:00 - - {{hitsCtrl.values.hits}}

download-(1)

Reuters: Data breaches at the U.S. government’s personnel management agency by hackers, with suspicions centering on China, involves millions more people than previously estimated, U.S. officials said on Thursday.

The Office of Personnel Management (OPM) said data stolen from its computer networks included Social Security numbers and other sensitive information on 21.5 million people who have undergone background checks for security clearances.

That is in addition to data on about 4.2 million current and former federal workers that was stolen in what the OPM called a “separate but related” hacking incident. Because many people were affected by both hacks, a total of 22.1 million people were affected, or almost 7% of the U.S. population.

The breach had already been considered one of the most damaging on record because of its scale and, more importantly, the sensitivity of the material taken.

Those exposed included 19.7 million who applied for the clearances - current, former, and prospective federal employees and contractors - plus 1.8 million non-applicants, mostly spouses or co-habitants of applicants, the agency said.

Lawmakers from both parties demanded OPM Director Katherine Archuleta’s removal. House of Representatives Speaker John Boehner, a Republican, said President Barack Obama “must take a strong stand against incompetence in his administration and instil new leadership at OPM.”

“Rather than simply place blame on the hackers, we need to acknowledge our own culpability in failing to adequately protect so obvious a target,” said the top Democrat on the House of Representatives intelligence committee, Adam Schiff.

The Social Security numbers are just the tip of the iceberg.

The critical information, which was not encrypted, involves a complete rundown of the personal lives of some 90% of applicants for security clearances, mainly excepting most undercover CIA agents.

That includes drug use, romantic histories and close friends abroad of those in the military, National Security Agency (NSA) and sensitive State Department posts, among many others, essentially a road map for what weaknesses might be used for blackmail by a foreign power.

Though not attributing the attack in public to China, investigators have told Reuters that their prime suspect is a team tied to that nation’s Ministry of State Security. The evidence includes a specific piece of malicious software and the use of a stolen digital certificate, both of which had been seen in only a small number of attacks that had been tied to the same group.

Dmitri Alperovitch, chief technology officer at security firm CrowdStrike, said his company’s analysis of data about the breach provided by the government made it clear that one or another part of the Chinese government directed the hacking.

“It’s a tremendous coup for China,” Alperovitch said.

Discover Kapruka, the leading online shopping platform in Sri Lanka, where you can conveniently send Gifts and Flowers to your loved ones for any event including Valentine ’s Day. Explore a wide range of popular Shopping Categories on Kapruka, including Toys, Groceries, Electronics, Birthday Cakes, Fruits, Chocolates, Flower Bouquets, Clothing, Watches, Lingerie, Gift Sets and Jewellery. Also if you’re interested in selling with Kapruka, Partner Central by Kapruka is the best solution to start with. Moreover, through Kapruka Global Shop, you can also enjoy the convenience of purchasing products from renowned platforms like Amazon and eBay and have them delivered to Sri Lanka.