What Data Was Compromised In The Federal Hack?

When it was announced Thursday that hackers had obtained more than 4 million federal employees' information in a massive data breach, many were shocked, with The New York Times calling it possibly "one of the largest breaches of federal employees’ data." That's terrifying to hear and has me wondering, what personal data of government workers was breached in the hack? The agency that was hacked, the Office of Personnel Management (OPM), is offering current and former employees a free credit report and credit monitoring and identity theft insurance for 18 months to ensure their identities haven't been stolen, so you know it's got to be bad.

According to the Associated Press, the breach could affect data from every single agency in the federal government, and it's focused on information about personnel. Since OPM is pretty much the Human Resources department for the government, it hosts a ton of data about each specific employee, including their Social Security number, background checks, training records, security clearances, and other identifying information. So, workers aren't just worried about having their identities stolen and charges racked up on their credit cards. Ken Ammon, chief strategy officer of Xceedium, a network security software company, told the Associated Press the information compromised could also be used to impersonate and blackmail workers who might have the ability to access incredibly sensitive information.

With the breach consisting of such sensitive information and affecting millions of people, many are calling for better security precautions to prevent this kind of situation from happening, especially as it's already happened many times before. According to the Associated Press, Senate Intelligence Committee Chairman Richard Burr said, "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen. We must start to prevent these breaches in the first place."

According to officials, the hack originated from China. CBS News reported that the "cyber-signatures" and way the attack went down indicated Chinese malware and methods. What exactly that means has not been confirmed. Sen. Susan Collins, a member of the Senate Intelligence Committee, said the attack was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”

It's a scary situation, and one we've been in before. Last year, the Department of Homeland Security disclosed that the private files and internal information of about 25,000 DHS employees had been compromised. The government's internal cybersecurity team said the data breach had “all the markings of a state-sponsored attack," though it did not speculate at that time what foreign government might have been involved.

Images: Getty Images (2)