Every Fed Employee’s SSN and Personal Information May Have Been Hacked

Posted June 17, 2015

Government Workers’ Union Claims One Million Federal Employees, Retirees and Ex-Employees Personal Info Compromised.

The question is not whether federal employees’ personal information was breached. It was. Nor even who was responsible. According to Sen. Harry Reid, the Democratic leader, it was “the Chinese” — though he didn’t specify whether it was the Chinese government or Chinese “freelancers.” And Sen. Susan Collins concurred.

The question was the extent of the hack — how many government employees, how much information and what type of information was compromised.

In their Associated Press report, Ken Dilanian along with contributors Donna Cassata and Eric Tucker, detailed what’s known about the breach from the union and from Office of Personnel Management, the agency that was breached. The following has been excerpted from the AP story and edited to fit our format.

One million victims

J. David Cox, president of the American Federal of Government Employees, said in a letter to OPM director Katherine Archuleta that based on OPM’s internal briefings, “We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

Congress and staffs not at risk

The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.

Union: hack far worse than previously reported

The union believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; and age, gender and race data, he said.

Agency downplays damage, but admits mistakes

The agency has sought to downplay the damage, saying what was taken “could include” personnel file information such as Social Security numbers and birth dates. “We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter.

An abysmal failure

The union called the breach “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

OPM not talking

Samuel Schumach, an OPM spokesman, said that “for security reasons, we will not discuss specifics of the information that might have been compromised.”

The central personnel data file contains up to 780 separate pieces of information about an employee.

Very little info shared with union

Cox complained in the letter that “very little substantive information has been shared with us, despite the fact that we represent more than 670,000 federal employees in departments and agencies throughout the executive branch.”

Chinese intelligence on a mission

Mike Rogers, the former chairman of the House intelligence committee, said last week that Chinese intelligence agencies have for some time been seeking to assemble a database of information about Americans. Those personal details can be used for blackmail, or also to shape bogus emails designed to appear legitimate while injecting spyware on the networks of government agencies or businesses Chinese hackers are trying to penetrate.

Hacked OPM repository of highly sensitive information

The Office of Personnel Management is also a repository for extremely sensitive information assembled through background investigations of employees and contractors who hold security clearances. OPM’s Schumach has said that there is “no evidence” that information was taken. But there is growing skepticism among intelligence agency employees and contractors about that claim.

ThreatMetrix

ThreatMetrix

close btn