Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Millions of Federal Workers' Data Compromised: Breach Linked to China

June 8, 2015

As The New York Times reported last week, the Obama administration announced a massive breach of data held by the Office of Personnel Management (OPM). The data covers at least four million current and former government workers, and officials said the intrusion apparently originated in China.

The breach was first detected in April, the OPM said, but it appears to have begun at least late last year.

The target seemed to be Social Security numbers and other “personal identifying information,” but it was unclear whether the attack was related to commercial gain or espionage. While the attack was pretty clearly launched from China, it was less clear whether it was state sponsored. The government may (as always) know more than it is saying since any attribution of the breach might reveal classified data.

This is the third major foreign intrusion into an important federal computer system in the past year. Last year, the White House and the State Department found that their e-mail systems had been compromised in an attack that was attributed to Russian hackers.

Also, last summer, the OPM announced a breach in which hackers appeared to have targeted the files of tens of thousands of workers who had applied for top-secret security clearances. In that case, the objective seemed clear: The information on security clearances could help identify covert agents, scientists and others with data of great interest to foreign governments. That breach also appeared to have involved Chinese hackers. Because the breadth of the new attack was so much greater, the objective seemed less clear.

The intrusion came before the OPM fully put into place a series of new security procedures that restricted remote access for administrators of the network and reviewed all connections to the outside world through the Internet.

Too little, too late has been a constant problem in protecting government data.

The Department of Homeland Security’s emergency cyberteam used an antihacking system called Einstein that alerted the agency to the potential compromise of federal employee data.

The OPM told current and former federal employees that they could request 18 months of free credit monitoring to make sure that their identities had not been stolen, and it said it was working with cybersecurity specialists to assess the effects of the breach. It was clear, however, that the scope was sweeping, potentially affecting a vast majority of the federal work force. J. David Cox Sr., the president of the American Federation of Government Employees, said he had been told that the breach might have affected “all 2.1 million current federal employees and an additional two million federal retirees and former employees.”

I would imagine that there are a lot of current and former federal employees who are pretty worried. We have come to expect that our government will use state-of-the-art defenses to protect our data – it appears that movement in that direction is way, way too slow – inviting hackers to make an all-too-easy compromise of personal data.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson