|
 The Office of Personnel Management (OPM) said data stolen from its
computer networks included Social Security numbers and other
sensitive information on 21.5 million people who have undergone
background checks for security clearances.
That is in addition to data on about 4.2 million current and former
federal workers that was stolen in what the OPM called a "separate
but related" hacking incident. Because many people were affected by
both hacks, a total of 22.1 million people were affected, or almost
7 percent of the U.S. population.
The breach had already been considered one of the most damaging on
record because of its scale and, more importantly, the sensitivity
of the material taken.
Those exposed included 19.7 million who applied for the clearances -
current, former, and prospective federal employees and contractors -
plus 1.8 million non-applicants, mostly spouses or co-habitants of
applicants, the agency said.
 Lawmakers from both parties demanded OPM Director Katherine
Archuleta's removal. House of Representatives Speaker John Boehner,
a Republican, said President Barack Obama "must take a strong stand
against incompetence in his administration and instill new
leadership at OPM."
"The technological and security failures at the Office of Personnel
Management predate this director’s term, but Director Archuleta's
slow and uneven response has not inspired confidence that she is the
right person to manage OPM through this crisis," added Virginia
Democratic Senator Mark Warner.
Archuleta said neither she nor OPM chief information officer Donna
Seymour would be resigning. "I am committed to the work that I am
doing at OPM," Archuleta told reporters during a conference call. "I
have trust in the staff that is there."
The White House said Obama retains confidence in Archuleta.
CHINESE ROLE
The United States has identified China as the leading suspect in the
massive hacking of the U.S. government agency, an assertion China's
Foreign Ministry dismissed as "absurd logic."
Asked during a conference call with reporters on Thursday whether
China was responsible, a White House National Security Council
official, Michael Daniel, said "we're not really prepared to comment
at this time on the attribution behind this event."
Daniel, special assistant to the president and cybersecurity
coordinator at the National Security Council, said that "at this
point the investigation into the attribution of this event is still
ongoing and we are exploring all of the different options that we
have."
OPM said the stolen personal identification data included: Social
Security numbers; residency and educational history; employment
history; information about immediate family and other personal and
business acquaintances; and health, criminal and financial history.
Also stolen were about 1.1 million fingerprints, the agency said.
[to top of second column] |
Since they were revealed last month, the hacking incidents have
alarmed the millions of Americans affected. OPM said in a statement
that its investigation had found no information "at this time" to
suggest any misuse or further dissemination of the information
stolen from its systems.
OPM said it is highly likely that anyone who went through a
background investigation after 2000 was affected by the cyber
breach. Those who underwent background checks before 2000 might be
impacted but it is less likely, the personnel agency said.
"Rather than simply place blame on the hackers, we need to
acknowledge our own culpability in failing to adequately protect so
obvious a target," said the top Democrat on the House of
Representatives intelligence committee, Adam Schiff.
The Social Security numbers are just the tip of the iceberg.
The critical information, which was not encrypted, involves a
complete rundown of the personal lives of some 90 percent of
applicants for security clearances, mainly excepting most undercover
CIA agents.
That includes drug use, romantic histories and close friends abroad
of those in the military, National Security Agency (NSA) and
sensitive State Department posts, among many others, essentially a
road map for what weaknesses might be used for blackmail by a
foreign power.
Though not attributing the attack in public to China, investigators
have told Reuters that their prime suspect is a team tied to that
nation’s Ministry of State Security. The evidence includes a
specific piece of malicious software and the use of a stolen digital
certificate, both of which had been seen in only a small number of
attacks that had been tied to the same group.
Dmitri Alperovitch, chief technology officer at security firm
CrowdStrike, said his company’s analysis of data about the breach
provided by the government made it clear that one or another part of
the Chinese government directed the hacking.
"It’s a tremendous coup for China," Alperovitch said.
(Additional reporting by Joseph Menn and Will Dunham; Editing by
Sandra Maler, Bill Trott and Bernard Orr)
[© 2015 Thomson Reuters. All rights
reserved.]
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
