Historic: Fed hack puts 25 million at risk, including some outside government; fingerprints also stolen

Cybercriminals have stolen a staggering amount of information from government computers, a federal agency revealed Thursday. The total number of victims and the type of information gathered, taken together, make the hack historic.

While researching an attack that saw the compromise of 4.5 million federal workers’ data, the Office of Personnel Management found a second incident that impacts 21.5 million people, both inside and outside of government. Criminals got away with SSNs, passwords, and in some cases, fingerprints, the agency announced Thursday. Most federal workers since the year 2000 are at risk.

“This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants,” the federal agency says on its website. “Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.”

The data stolen had been collected by the federal government, ironically, to complete background checks on potential and current employees.

“If you underwent a background investigation through OPM in 2000 or afterwards … it is highly likely that you are impacted by the incident involving background investigations. If you underwent a background investigation prior to 2000, you still may be impacted, but it is less likely,” the agency said.

Background checks can also include non-spouses used essentially for references. While those individuals also had their data stolen, they are at a much lower risk, OPM says.

“Beyond applicants and their spouses or co-habitants … you may be someone whose name, address, date of birth, or other similar information may have been listed on a background investigation form. In many cases, the information about these people is the same as what is generally available in public forums such as online directories or social media,” OPM says.

Federal workers will receive credit monitoring and other identity theft protection services, though the OPM says there is no evidence the data has been used for financial fraud.

Numerous reports indicate that federal officials blame computer criminals working on behalf of the Chinese government for the attack. While there has been no official confirmation of that, and no evidence supplied, it’s easy to see how this treasure trove of data on federal workers — including fingerprints — would be useful in international espionage.

Earlier this week, FBI Director James Comey said his own personal information had been compromised in the incident.

OPM urges workers to change their passwords and monitor their credit reports for signs of abuse. The agency will soon open a call center just to deal with questions about the incident.

“OPM continues to take aggressive action to strengthen its broader cyber defenses and information technology (IT) systems, in partnership with experts from DoD, DHS, FBI and other interagency partners,” the agency said.



About Bob Sullivan
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck, in 2014. He has won the Society of Professional Journalists’ prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.
