Government agencies announced Thursday that four million current and former U.S. federal employees' personal info has been compromised by a massive hack, according to a tweet from ABC News. Employees will be notified if their information was at risk. The Office of Personnel Management said in a statement that it "detected a cyber-intrusion affecting its information technology (IT) systems and data" in April, according to 11 Alive News. Chinese hackers allegedly breached the system before the adoption of tougher security controls, according to the Washington Post.
The hack was the second major intrusion of the OPM by China in less than a year, according to the Post. OPM handles security clearances and employee records. OPM officials said they discovered the breach in April but declined to comment on who might be behind it. The Post received the information about China from other U.S. officials, who spoke on conditions of anonymity because the investigation is ongoing.
The potentially compromised information included employees' job assignments, performance ratings, and training, officials told the Post. The breach thankfully didn't involved background or clearance investigations. OPM Director Katherine Archuleta released a statement about the breach, according to the Hill:
Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM. We take very seriously our responsibility to secure the information stored in our systems.
A Department of Homeland Security spokesman told the Hill it noticed “malicious activity affecting its information technology (IT) systems and data in April," and then concluded in early May that OPM data had been compromised.
A congressional aide familiar with the situation, who declined to be named because he was not authorized to discuss it, told CBS News that both OPM and the Interior Department were hacked. A second U.S. official who also declined to be named told CBS that the data breach could potentially affect every federal agency.
Both DHS and the FBI are investigating the hack. In a statement, DHS said it would issue additional notifications as necessary throughout the investigation, according to CBS. The agency said it is offering free credit report access, credit monitoring, and identity theft insurance and recovery services through a company called CSID to anyone potentially affected by the hack.
Rep. Adam Schiff, a Democrat from California on the House Intelligence Committee, told National Journal the hack should help push Congress to swiftly pass legislation increasing the sharing of cyber-threat information between the private sector and the government. Those kinds of data-sharing measures passed the House last month, but the Senate hasn't yet brought a proposal to the floor. Schiff said this latest intrusion is "most shocking" because Americans expect federal computer networks to be maintained with "state-of-the-art defenses," according to National Journal:
The cyber threat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily bases, and it's clear that a substantial improvement in our cyber databases and defenses is perilously overdue. That's why the House moved forward on cybersecurity legislation earlier this year, and it's my hope that this latest incident will spur the Senate to action.
But, privacy advocates warn that increasing cyber-security data sharing legislation could fuel other government surveillance efforts, which would give more data to the National Security Agency. It's a hard line to draw.
Images: Getty Images (3)