The hack of the Office of Personnel Management (OPM) is reportedly four times bigger than originally estimated, CNN reports. The FBI and other investigators now believe at least 18 million individual records have been breached, up from the 4.2 million the OPM originally reported, and the number is expected to rise further. FBI Director James Comey revealed the 18 million number during a closed-door briefing of Senators this week.
After the briefing, House Homeland Security Chairman Michael McCaul (R-TX) said, “Obviously they started at four million … That number is increasing.”
Additionally, NextGov reports that the National Archives and Records Administration recently detected cyber intrusions similar to those experienced by OPM on its networks, an indication the overall intrusion is much larger than has been reported. So far, however, the hack of NARA appears to be less intrusive than the OPM hack, as adversaries apparently did not obtain “administrative access” to the system.
NARA spokeswoman Laura Diachenko said its systems were not compromised, “but we detected IOCs (indicators of compromise) on three workstations, which were cleaned and re-imaged.”
She said the Department of Homeland Security’s EINSTEIN 3A is analyzing and monitoring its systems and “has not detected any activity associated with a hack.”
The tensions from the OPM hacks are reaching diplomatic levels, as the U.S. began its annual security talks with China on Monday. One U.S. official said the federal government will directly raise the theft of personnel data with Chinese officials during the talks.
China has denied involvement with the OPM hacks.
Cabinet-level discussions between the two nations start Tuesday, run through Wednesday, and will cover security and the economy.
A State Department official said Monday’s talks were “candid.” So far, the U.S. has not produced evidence that the hack was executed by the Chinese, but the official said, “Certainly the issue will be addressed in pretty direct terms with the Chinese.”
Customer service complaints related to the OPM hack are “piling up,” The Washington Post reports. One former employee of the Internal Revenue Service said, “I think everybody should know that while they’re trying to fix this thing, they’ve created another mess.” He said he was put on hold for 178 minutes with an identity theft specialist.
According to a Monmouth University poll, 82 percent of Americans have heard at least “a little” about the OPM incidents. Nearly two-thirds of those surveyed believe the federal government is not doing enough to address the nation’s cybersecurity challenges.
In a Center for Democracy & Technology blog post, President and CEO Nuala O’Connor describes why the OPM incidents are unlike any previous breach in history.
She notes that the breach “raises real questions about the government’s ability to safeguard the data in its possession, and makes somewhat disingenuous the government’s call to strengthen and enforce private-sector security systems.”
O’Connor, who served as the first chief privacy officer of the DHS, points out that, “Federal agencies have had a long and troubling history of ignoring recommendations that come from within their own government with regard to privacy and security.”
She added, “Common-sense privacy and security practices don’t need to be expensive or disruptive.”