The government employee data breach at the Office of Personnel Management, already thought to be one of the most severe losses of government records ever sustained, could be several times worse than originally believed.
“Somebody stole background information application data on a large number, potentially, of federal employees and others who might need background information.” (Video via CNBC)
Officials say the same attackers who hit records at the Office of Personnel Management in 2014 also stole the data-rich documents used in federal background checks. (Video via NBC)
Standard Form 86 includes personal information, medical and travel histories, arrest and drug records and contact information for other people.
For instance, Section 16 of the form is titled "People Who Know You Well." It has spaces for contacts' work addresses, emails, phone numbers and more.
By one estimate from Bloomberg, those associations could mean 14 million people are potentially affected.
But the new damage is not entirely unexpected. “It’s like cancer,” one official familiar with the case told The Washington Post. “Once you start operating on the cancer, you find it has spread to other areas of the body.”
And critics suggest the attackers have had plenty of time to run around inside OPM networks. Wired notes the OPM didn’t have anyone running dedicated IT security until 2013.
And even in 2014 when the OPM did beef up its IT management staff, the office’s own inspector general found the team wasn’t hitting information security requirements.
“We are upgrading the material weakness [in OPM’s information security policies] to a significant deficiency for FY 2014.”
In the wake of the attacks, the OPM’s chief information officer has ordered a “30-day cybersecurity sprint” to shore up the office’s networks with new monitoring and security measures.
This video includes images from Getty Images.