The Department of Homeland Security informed the public last week that the Office of Personnel Management had been compromised by hackers. The hackers were able to access the data of 2.1 million current federal employees, and 2 million former federal employees. The hackers were able to infiltrate the OPM databases that stored information about the federal employees who were applying for security clearances. The Chief Administrative Officer Ed informed the public that only employees who had worked for another federal agency in the past had been compromised.
Last Friday, while investigating the OPM breach, the DHS discovered a second breach in the same agency. In the second breach, hackers may have accessed as many as 14 million personnel records from the OPM. This breach affects current, former, and prospective federal employees – including intelligence officers and military personnel. The newly discovered breach at OPM has affected people beyond the federal government. Hackers may have access to information from private contractors.
The DHS discovered that in this second breach, the hackers accessed a form called Standard Form 86. People who filled out Standard Form 86 submitted personal financial data, like Social Security numbers for themselves and their live-in partners, and bankruptcy history. They also submitted personal medical data such as information about mental illnesses, and drug and alcohol use. Employees were required to fill out information about past arrests, and also submit information about their relatives and close personal contacts.
The OPM breach that occurred last week was a small part of the breach that was recently uncovered. The White House suspects that the Chinese government sponsored a group of cyber criminals to hack into large American databases. The hackers have targeted public and private organizations that store personal data – security experts believe that the Anthem breach was conducted by Chinese hackers as well. One of the fears White House officials have is that another government is infiltrating networks in the US and building databases of information about American residents. With this information, the Chinese government can approach and recruit potential spies. If the hackers who broke into the OPM’s databases were state-backed, then the Chinese government could know the identities of almost everyone who has a federal security clearance. Through the recent breach at OPM, hackers were able to get data about NSA and CIA agents, and military special operations personnel, which makes it harder for them to remain covert. The House Committee on Oversight and Government Reform plans to investigate the causes of the breach and bring more information to the public.
Federal agencies are becoming big targets because they hold large amounts of confidential data about employees. The second breach at OPM demonstrates how cyber criminals can find was to access different sets of data within the same agency. EiQ SecureVue offers continuous security monitoring for federal agencies. SecureVue helps Information Assurance and Cyber Security Managers automate requirements outlined in federal regulations including 800-53, 8500.2, CNSSI, and the Risk Management Framework. SecureVue helps agencies meet audit log requirements and reduce the overhead associated with compliance checks. With EiQ SecureVue, federal agencies can protect their employee data from cyber criminals.