These Pandas Dig Deep: Millions of U.S. Employee Records Compromised

July 13, 2015

In what an Al Jazeera reporter has called "likely..the largest theft of U.S. government data in the history of the United States," millions of government employee records held by the Officeof Personnel Management (OPM) have been breached. First acknowledged by the White House on June 4, initial reports indicated that the records of about 4 million employees had been compromised, but that estimate was later revised upward to 14 million1and, eventually, to more than 21.5 million2.

A million here, a million there...pretty soon you have a real breach

The Director of OPM, Katherine Archuleta, disputed the later estimates3,but her credibility suffered when her own estimate was challenged by the FBI. Indeed, FBI Director James Comey had already claimed that 18 million individuals were impacted; his source-an internal estimate prepared by OPM officials4.Archuleta resigned on July 10.

To put the numbers in perspective, the low estimate of 4.2million employees corresponds approximately to the number employed by the U.S. government today, including both civilians and uniformed military5.The higher estimates suggest that the records of previous employees-dating back several decades-were also compromised.Despite the staggering totals, Archuleta did not acknowledge what the Wall Street Journal described as "her agency's refusal to implement security best practices recommended for several years by the OPM's own inspector general."6

Not only was the number of breached records very high, the comprehensive nature of the personally identifiable information that was obtained for each employee is unprecedented. In addition to more mundane information such as Social Security numbers,personnel records, and military service records, the hackers retrieved completed questionnaires (Forms SF-86) used in adjudicating security clearances. These forms contain detailed information about an employee's drug and alcohol use, sexual habits, psychiatric history, and financial dealings that may be so sensitive that it can be used to blackmail the individual. 

Who would do such a thing?

Although it is generally difficult to trace the shadowy trail of any cyber crime back to the perpetrators, many U.S. cyber security experts believe that the recent attack on the OPM originated in China. More specifically, according to sources at the cyber security company RSA, the culprits are a Chinese military-sponsored group of hackers known as the Shell Group or Deep Panda.

The stereotypical hacker attacking financial institutions or retail chains for credit card or other account numbers for quick sale on the black market is often from Eastern Europe or Russia.But the highly sophisticated-and perhaps government-sponsored-attacks on U.S. Government computer networks more frequently originate in China.

In March last year Chinese hackers breached the same OPM networks targeting records of staff with security clearance, but were thwarted before any data was stolen7.Also, in November, the files of thousands of Department of Homeland Security and other federal workers were compromised8.Moreover, the same Deep Panda group has been blamed for a breach of the U.S. healthcare insurer Anthem, Inc., earlier this year, in which the records of close to 80 million customers were reportedly compromised9.China has denied these and other similar allegations.

How extensive is the problem?

A comprehensive breach history of U.S. Government targets is beyond the scope of this blog. However, we would like to leave you with one statistic that underscores the vast extent of the problem:According to Time, "The Federal Government suffered a staggering 61,000 cyber-security breaches last year alone."10


1npr.org
2Ibid
3cnn.com
4Ibid
5opm.gov
6wsj.com
7bbc.com
8Ibid
9tech.firstpost.com
10time.com

Don't miss a post!

Don't miss a post!
Subscribe via email:


Close

Loading Video...

Loading...

Close

You’re almost done.
We need to confirm your email address.
To complete the registration process, please click the link in the email we just sent you.

Unable to subscribe at this moment. Please try again after some time. Contact us if the issue persists.

The email address  is already subscribed.