Security breach puts millions at cyber risk
WASHINGTON: Hackers stole social security identification numbers and other highly sensitive data from more than 21 million people, the Obama administration said yesterday.
Officials acknowledged that the breach of US government computer systems was far more severe than previously disclosed.
The scope of the data breach, believed to be the biggest in US history, has grown dramatically since the government first said earlier this year that hackers had entered the Office of Personnel Manage- ment’s personnel database and stolen records for about 4.2 million people.
Since then, the administration has acknowledged a second, related breach of systems housing private data that individuals submit during background investigations to obtain security clearances.
That second attack affected more than 19 million people who applied for clearances, as well as nearly 2 million of their spouses, housemates and others who never applied for security clearances, the administration said.
Among the data the hackers stole: criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances.
The new revelations drew indignation from members of Congress who have said the administration has not done enough to protect personal data in their systems, as well as calls for OPM Director Katherine Archuleta and her top deputies to resign.
In a conference call with reporters, Archuleta said the hackers also got hold of the user names and passwords that prospective employees used to fill out their background investigation forms, as well as the contents of interviews conducted as part of those investigations.
Yet the government insisted there were no indications that the hackers have used the data they stole.
Numerous US lawmakers have said China was behind the attack. But Michael Daniel, President Barack Obama’s cybersecurity co-ordinator, said the government wasn’t ready to say who was responsible.
Officials have acknowledged that the same party was responsible for both of the breaches, which took place in 2014 and early 2015.
Investigators previously told AP that the US government was increasingly confident that China’s government, and not criminal hackers, was responsible.
China has publicly denied involvement in the break-in.
Earlier yesterday, during a round-table discussion with reporters, FBI Director James Comey described the scope of the OPM breach as “huge”.