Be the most informed person in the room with Newsy's free e-newsletter

View our privacy policy: http://www.newsy.com/privacy/
Getty Images / Mark Wilson

The OPM Data Breach Just Got Much Worse

Critics say the office practiced insufficient data security for the years leading up to the breach.

By Evan Thomas | June 13, 2015

The government employee data breach at the Office of Personnel Management, already thought to be one of the most severe losses of government records ever sustained, could be several times worse than originally believed.

“Somebody stole background information application data on a large number, potentially, of federal employees and others who might need background information.” (Video via CNBC)

Officials say the same attackers who hit records at the Office of Personnel Management in 2014 also stole the data-rich documents used in federal background checks. (Video via NBC)

Article Continues Below

Standard Form 86 includes personal information, medical and travel histories, arrest and drug records and contact information for other people.

For instance, Section 16 of the form is titled "People Who Know You Well." It has spaces for contacts' work addresses, emails, phone numbers and more.

By one estimate from Bloomberg, those associations could mean 14 million people are potentially affected.

But the new damage is not entirely unexpected. “It’s like cancer,” one official familiar with the case told The Washington Post. “Once you start operating on the cancer, you find it has spread to other areas of the body.”

And critics suggest the attackers have had plenty of time to run around inside OPM networks. Wired notes the OPM didn’t have anyone running dedicated IT security until 2013.

And even in 2014 when the OPM did beef up its IT management staff, the office’s own inspector general found the team wasn’t hitting information security requirements.

“We are upgrading the material weakness [in OPM’s information security policies] to a significant deficiency for FY 2014.”

In the wake of the attacks, the OPM’s chief information officer has ordered a “30-day cybersecurity sprint” to shore up the office’s networks with new monitoring and security measures.

The New York Times reports the Obama administration is also considering financial sanctions against the Chinese attackers officials say are behind the breaches. (Video via The White House)

This video includes images from Getty Images.

Want to see more stories like this?
Like Newsy on Facebook for More IT Security Coverage