According to the government’s Office of Personnel Management, 19.7 million background were affected who underwent a background investigation, each of which includes a large amount of personal data. Further, 1.8 million others, mostly spouses or cohabitants of applicants for government jobs were affected. The exceptionally large figure added to the intensity of the breach, which resulted in a series of hearings in Congress and widespread criticism of the state of US cyber-defenses. Officials said that the number is much larger than the previous estimates of ‘only’ 4.2 million files last month, where in a separate attack personnel records were breached affecting former, current and prospective federal employees. Katherine Archuleta, Director of OPM said 3.6 million of those whose background checks were stolen were also in the group whose personnel records were breached, thus bringing the total number of individuals affected to 22.1 million. The inquiry relates to “the second of two separate but related cybersecurity incidents” that had an effect on federal databases, Archuleta told reporters in a conference call. In addition, she said that along with obtaining of sensitive social security numbers, the hackers also obtained data on financial, family history, health, criminal history of people who sought government jobs need a security clearance. Some 1.1 million fingerprints were also stolen. A statement from OPM pointed out that anyone who had undergone a background inquiry in 2000 or afterwards “it is highly likely that the individual is impacted by this cyber breach.” While Archuleta said there was “no information to suggest any misuse” of the data, the government would be providing free monitoring to those affected and protect them against identity theft or fraud. Even though intelligence chief James Clapper said last month that Beijing was “the leading suspect”, the officials in the call refused to comment on the statement that China was behind the large breach. Cybersecurity coordinator at the White House National Security Council, Michael Daniel said that “the investigation into the attribution of this is still ongoing… and we’re not yet prepared to comment” on who was behind the attacks. However, Daniel added that “just because we are not doing public attribution does not mean we are not taking steps to deal with this.” Andy Ozment, an assistant secretary of Homeland Security, said however that the attacks came from “the same actor, moving between different networks.” He said that the hackers had broke into the OPM’s network back in 2014, but the breach was not discovered until April this year. However, the intruders were likely present on the network from May 2014. The WSJ says these background forms are often held in unencrypted form on the OPM’s computer networks. Since the breaches were revealed in June, an inter-agency task force has been carrying out a forensic inquiry. At several congressional hearings, Archuleta faced unfriendly questions from lawmakers. However, she justified her record saying that the new systems she put into effect helped her discover the breaches. Some analysts have quoted evidence indicating China and have said the breach looks like a part of a wide-ranging intelligence operation, which could collect sensitive data for blackmail, recruitment or extortion. The White House said the incident emphasizes the need for new cyber-security legislation.
