It is believed to be among the largest breaches in the history of the federal government.
The massive hack last year of the Office of Personnel Management’s system containing security clearance information affected 21.5 million people, including current and former employees, contractors and their families and friends, officials said Thursday.
That is in addition to a separate hack – also last year — of OPM’s personnel database that affected 4.2 million people. That number was previously announced.
Together, the breaches arguably comprise the most consequential cyber intrusion in U.S. government history. Administration officials have privately said they were traced to the Chinese government and appear to be for purposes of traditional espionage.
The 21.5 million figure includes 19.7 million individuals who applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or people who live with the applicants. Some records also include findings from interviews conducted by background investigators, and about 1.1 million include fingerprints, officials said.
Individuals who underwent a background investigation through OPM in 2000 or afterwards are “highly likely” affected, officials said. Background checks before 2000 are less likely to have been affected, they said.
The lapse enabled hackers to gain access not only to personnel files but also personal details about millions of individuals with government security clearances – information a foreign intelligence service could potentially use to recruit spies.
“There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s system,” the agency said.
Because the exposed records included information on individuals who served as references on security clearance applications, U.S. official said that stolen data includes details on certain employees’ relatives and friends.
Wednesday’s announcement only seemed to strengthen Republican calls on Capitol Hill for OPM Director Katherine Archuleta and her chief information officer, Donna Seymour, to resign.
Source: The Washington Post