The Social Security numbers of every current, former and retired federal employee was allegedly hacked, asserts The American Federation of Government Employees in regards to a December data breach of the Office of Personnel Management (OPM). The breach was possibly carried out by the Chinese government.
This accusation was made by AFGE president J. David Cox to OPM director Katherine Archuletta in a strongly worded letter obtained by The Associated Press.
“We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter. He called the occurrence “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”
On Monday, the OPM released a statement explaining that in April 2015, the agency became aware of an incident affecting its information technology systems that may have compromised the personal information of current and former Federal employees. For security reasons, the OPM says they will not discuss the specifics of what types of data was targeted in the breach. Why the extent of damage from this particular infiltration was not made public sooner has not been addressed by Archuletta or The White House.
The AFGE believes that the OPM’s central personnel data file, which contains up to 780 separate pieces of information about an employee, was the target of the theft. This file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs. It includes data about military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; along with age, gender and race data, explains Cox. This will significantly affect blacks working in Federal government as more than 17% of the federal workforce is African American.
Though OPM denies this, data containing background investigations of employees and contractors applying for security clearances may have also been targeted.
Since the incident was identified, OPM claims that it immediately implemented additional security measures to protect the sensitive information it manages. OPM also partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team, and the Federal Bureau of Investigation to determine the impact to Federal personnel.
Beginning June 8, the agency started sending emails and letters via the U.S. Postal Service to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from email@example.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those employees impacted by the data breach. Notifications will end June 19.
Additionally, OPM is offering affected individuals a free, 18-month membership with CSID, a company that specializes in identity theft protection and fraud resolution in order to mitigate the risk of fraud and identity theft.
The comprehensive service includes immediate credit report access, credit monitoring, identity theft insurance and recovery services.
Visit the company’s website, www.csid.com/opm or call toll-free 844-777-2743 (International callers: call collect 512-327-0705) for more information.