Up to four million current and former federal employees may have been compromised following a breach of computer systems of the Office of Personnel Management (OPM), making it the largest known cyberattack to occur on a federal network. The attack started in December of 2014 but was not discovered until April of this year.
The data compromised included security clearance information and background checks dating back three decades, with one U.S. defense official stating that it “was clearly aimed at gaining valuable information for intelligence purposes”.
Over the weekend, ABC News reported that U.S. citizens not employed by the government may also have been affected, because federal employees seeking security clearances list such people on their SF-86 forms; OPM denies this, saying those records are stored separately from the ones that were compromised.
OPM knows what types of data were exposed to the hackers, but it is not yet clear what data was actually taken.
It has since been reported that private cybersecurity researchers believe OPM was targeted by the same hackers who breached the Anthem and Premera Blue Cross health insurance groups last year, attacks which together exposed nearly 90 million records.
While the two hacks may appear unrelated, evidence links both to cyber espionage undertaken by China, as the fingerprints that identify them correlate. The computer systems used in the breaches are thought to be identical, and the combined data stolen from these hacks could be used to bribe government officials, sold on the black market, and used for phishing scams.
The biggest concern for the government, as highlighted by counterintelligence official Dan Payne, is that: “They’re able to identify people who are in positions with access to significant national security information and can use personal data to target those individuals”. He further stated that “details from personnel files could be used to craft personalized phony messages to trick workers. Federal employees who think they’re opening an email from co-workers or family members might infect their computers with a program that would steal more information or install spy software”.
After the Anthem hack, where data was exposed because it was not encrypted at rest, the question is why sensitive information held on government employees also appears to have been unencrypted. OPM has yet to comment on whether the data affected in this incident was encrypted.
It has been said that the hackers used a “zero-day”, a previously unknown exploit for a vulnerability that allowed the intruders to gain access to the system. This hack highlights the importance of encrypting data at rest: if attackers can infiltrate a government network, it is crucial that organizations, especially those in the healthcare sector, which is fast becoming a favoured target for hackers, take the necessary steps to protect their data through encryption.
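As an added illustration of the encryption-at-rest point above (this is example code written for this page, not code from OPM, Anthem or any vendor mentioned), the Go program below seals a constructed personnel record with AES-256-GCM before it is written to storage. The record, the record identifier used as associated data and the key are all made-up values for the demonstration. It shows the two properties a defender relies on: an exfiltrated blob does not contain the record in the clear, and any modification of the stored blob is detected on decryption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed sample record standing in for one line of a personnel file.
// The values are fictitious and exist only for this example.
const sampleRecord = "employee=J. Doe;clearance=TS;ssn=000-00-0000"

// Seal encrypts plaintext with AES-256-GCM under key and returns
// nonce || ciphertext || tag. aad (e.g. the record identifier) is
// authenticated but not encrypted, so a blob cannot be silently moved
// to a different record. The key lives with the application (ideally
// in a KMS or HSM), never beside the blobs on disk.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice we pass as dst.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any change to the nonce, ciphertext, tag or aad
// makes gcm.Open return an error, so tampering never yields plaintext.
func Open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored blob is shorter than a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// ContainsPlaintext reports whether the stored blob leaks the record
// verbatim, which is what an attacker copying the file would look for.
func ContainsPlaintext(blob []byte, record string) bool {
	return bytes.Contains(blob, []byte(record))
}

func main() {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	aad := []byte("record-id:42") // constructed identifier for the row

	blob, err := Seal(key, []byte(sampleRecord), aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes; plaintext visible on disk: %v\n",
		len(blob), ContainsPlaintext(blob, sampleRecord))

	pt, err := Open(key, blob, aad)
	fmt.Printf("decrypt with key: %q err=%v\n", pt, err)

	blob[len(blob)-1] ^= 0x01 // simulate a modified stored blob
	_, err = Open(key, blob, aad)
	fmt.Printf("decrypt after tampering: err=%v\n", err)
}
```

The caveat a practitioner should keep in mind is that encryption at rest only helps against an attacker who obtains the files or disks without the key; an intruder who takes over the application or service account that legitimately decrypts records sees the same plaintext it does. Key separation (a KMS or HSM with its own access logging) and monitoring of unusual decryption volume are therefore the controls that make the encryption meaningful.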