July 9, 2015  by Joe Bellott – CISO Certified Cyber Security Expert

This hack is separate from the breach of OPM data that compromised 4.2 million Social Security numbers and was made public in June. More than 21 million Social Security numbers were compromised in a breach that affected a database of sensitive information on federal employees held by the Office of Personnel Management, the agency announced Thursday. Officials have privately linked both intrusions to China.

The hack that resulted in the loss of these records began in May 2014, according to OPM Director Katherine Archuleta’s testimony before Congress. It was not discovered until May 2015. Of the 21.5 million records that were stolen, 19.7 million belonged to individuals who had undergone background investigations, OPM said. The remaining 1.8 million records belonged to other individuals, mostly applicants’ families. 3.6 million people were affected by both breaches, OPM press secretary Sam Schumach said Thursday night, bringing the total number of individuals affected by the pair of OPM hacks to 22.1 million.

The records that were compromised in the breach announced Thursday include detailed, sensitive background information, such as employment history, relatives, addresses, and past drug abuse or emotional disorders. OPM said 1.1 million of the compromised files included fingerprints.

Some of the files in the compromised database also include “residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details,” OPM said.

Also included in the database is information from background investigations, as well as usernames and passwords that applicants used to fill out investigation forms. And although separate systems that store health, financial, and payroll information do not appear to have been compromised, the agency says some mental health and financial information is included in the security clearance files that were affected by the hack.

Besides the 21.5 million individuals who had their Social Security information stolen, OPM says others’ identifying information—such as their names, addresses, and dates of birth—also were compromised.

OPM will provide credit monitoring and identity-theft protection services to the individuals whose Social Security numbers were stolen, but those individuals will be responsible for disseminating information to other people they may have listed on their background check forms. Those people, whom the government will not contact directly, will not have access to government-bought identity-protection services.

InCyber Comments:

The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.