U.S.: Hack exposes intel, military data
Hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several U.S. offiffic ials said Friday.
What the offiffic ials described, the second cyberbreach of federal records recently uncovered, could dramatically compound the potential damage. The number of current and former government employees affffffffffffected by the fifirst attack, initially thought to be about 4 million, now could be as many as 14 million, people familiar with the investigation said Friday.
The security clearance forms that authorities think were accessed require applicants to fifill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies.
They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Securit y number and that of his or her cohabitant is required. The offiffic ials spoke on
condition of anonymit y because the security clearance material is classifified.
“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence offifficial. “That makes it very hard for any of those peo - ple to function as an intelligence offifficer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
The Offiffice of Personnel Management (OPM), which was the target of the hack, has not offiffic ially notifified military or intelligence personnel whose security clearance data was breached, but news of the second hack was starting to circulate in both the Pentagon and the CIA.
The offiffic ials said they think the hack into the security clearance database was separate from the breach of federal personnel data announced last week. It could not be learned whether the security database breach hap - pened when an OPM contractor was hacked in 2013, an attack that was discovered last year.