New information related to the US Office of Personnel Management data breach suggests that the number of Americans who had personal data compromised is significantly higher than initially announced, being now estimated at more than 22 million.
The stolen data includes Social Security numbers, addresses, dates of birth, health histories and other personal information and people affected are not only government employees as previously announced, but also citizens who were submitted to background checks for the purpose of getting a security clearance.
Initially, it was announced that the OPM data breach had affected 4.2 million former and current federal employees, but the new report classifies that as a separate hack. The main hack apparently targeted data from 21.5 million people, and by taking into account those who had their personal data compromised in both attacks, the number rises to 22.1 million individuals who had their data compromised.
Breaking it down, those affected include 19.7 million people who applied at one point for security clearances and had their information kept in records and 1.8 million of their co-habitants and/or spouses.
The announcement has put even more pressure for the resignation or sack of OPM director Katherine Archuleta, with the Speaker of the House of Representatives John Boehner urging president Obama to take a firm position against incompetence from his administration.
“The technological and security failures at the Office of Personnel Management predate this director’s term, but director Archuleta’s slow and uneven response has not inspired confidence that she is the right person to manage OPM through this crisis,” added Virginia democratic senator Mark Warner.
But this hasn’t budged the Obama administration, which is still backing director Archuleta while trying to find ways to increase government-related cybersecurity and also protect those affected by the data breach.
The OPM data breach is considered the biggest cybersecurity issue in the history of the United States, and was first noticed in April. Information to date points to it starting in March 2014, but it is possible that the breach had been running for a longer time. The personal data of those who applied for security clearances was easy to access during the breach due to the fact that it was non-encrypted.
Many rumors point to the hack having originated in China, but the Wither House National Security Council has refrained from making a direct statement in this regard, holding it off until its investigation into the matter offers a more complete picture of the event . China’s Foreign Ministry has dismissed the allegations as being made with “absurd logic”.
Image Source: cybersecuritydojo