News

Hackers Stole 21.5 Million Social Security #s

by Jenny Hollander

On Thursday, the U.S. Office of Personnel Management said in a statement that 21.5 million people's Social Security numbers were stolen in a large-scale hack. Online background information files stored by the OPM were compromised by the 2014 hack — suspected by U.S. officers to be the work of Chinese hackers, though China strenuously denies it. This is more than 15 million more compromised files than the OPM had previously believed. Though the hacking took place last year, the Wall Street Journal reports, it wasn't made public knowledge until this past April.

So how do you know if you were affected? Well, if your professional background check went through OPM anytime since 2000 — if you're a federal employee or a contractor with a federal agency, if you're a spouse or family member of someone who is, or if your background investigation went through that office — the agency writes on its website that it's "highly likely" you were affected by the hack. If your background investigation was pre-2000, you may still be affected, but the agency calls it "less likely." Other information stolen by the same hackers includes birth dates, home addresses, and full names. The OPM continues:

At this time, there is no information to suggest misuse of the information that was stolen from OPM's systems. We are continuing to investigate and monitor the situation. We will begin to notify people affected by the background investigation incident in the coming weeks. At that time, you will be auto-enrolled in some services and will need to take action to enroll in others.

21.5 million people is just over six percent of the U.S. population.

If you are or were a federal employee and you fall under the OPM's criteria for "highly likely" to be affected, the agency won't have notified you yet, it writes on its website. However, if you were a victim of what the OPM initially knew about the hack — when it believed that it had affected only 4.5 million people — then you should already have been made aware.