OPM Breach Update: Bigger and More Serious Than Originally Thought
June 15, 2015
While last week’s data breach affecting the systems of the U.S. Office of Personnel Management may not generate as much payment-card or card-not-present fraud as other breaches due to its state-sponsored nature, the compromise may have affected more individuals and exposed more sensitive information than first thought. According to an Associated Press report, congressional sources said up to 14 million records may have been exposed and background information on intelligence and military personnel applying for security clearances also was compromised.
“The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies,” The AP said in its report. “They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.”
A union representing federal employees also claims the government is understating the impact of the OPM breach.
“Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees,” said J. David Cox, president of the American Federation of Government Employees. “We believe that hackers have every affected person’s Social Security number(s), military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race union status, and more.”