A hack attack targeting federal employees is much worse than the White House administration has let on, said the president of the government workers union. And now a second massive cyberbreach of federal records, reportedly executed by China, has resulted in the theft of sensitive information provided by intelligence and military personnel to obtain security clearances.
Nearly every one of the millions of U.S. security-clearance holders is said to be impacted by the newest security breach reported Friday evening – including CIA, National Security Agency and military special operations personnel.
“The forms authorities believed to have been accessed, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies,” the Associated Press reported Friday. “They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.”
Joel Brenner, a former top U.S. counterintelligence official, said, “This tells the Chinese the identities of almost everybody who has got a United States security clearance. That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
Standard Form 86, a 127-page questionnaire, also contains extensive information about the federal workers’ family members.
“It has more data than a mortgage application,” Phillip Carter, a senior fellow at the Center for a New American Security, told the Wall Street Journal.
According to the paper, the Office of Personnel Management, or OPM, “wouldn’t say how many years’ worth of background-check records could have been obtained by the hackers.”
The hack is believed to be separate from the breach of federal personnel data widely reported last week. J.David Cox, who heads up the American Federation of Government Employees, or AFGE, said in a letter to the OPM that the first widely reported hack announced didn’t just compromise four million federal workers.
“Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree and up to one million former federal employees,” he wrote, Fox News reported.
The massive hack into federal systems was far deeper and potentially more problematic than publicly acknowledged, with hackers believed to be from China moving through government databases undetected for more than a year, sources briefed on the matter told ABC News.
The OPM is the human resources department for the federal government, responsible for conducting 90 percent of the background checks that are required for federal employment. Last week, the agency reported a “cyber-intrusion” of its systems, and estimated data from up to 4.1 million of current and former federal workers had been compromised – the largest hack in federal history.
But it actually could be larger than that, Cox said.
He alleged hackers stole Social Security numbers, military records, addresses, birth dates, pay histories, health data and pension information on past and present federal employees. And he slammed OPM for not encrypting the Social Security numbers, calling that “a cybersecurity failure that is absolutely indefensible and outrageous,” Fox News reported.
CBS News, meanwhile, reported the hack could have impacted up to 14 million federal employees.
A White House spokesperson said to Fox News: “I’d not for you that OPM in its announcement of this incident noted that they would be reaching out to about four million current and former federal employees whose [information] may have been compromised and that seemed to be what the AFGE release is saying, too.”
Sen. Harry Reid said the Chinese are responsible for the attack, but did not specify if he meant the government or individuals. The White House hasn’t publicly fingered China. The Washington Post reports it was Chinese hackers who targeted the OPM and the Interior Department. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.
It was the third major intrusion of the same agency by China in less than a year and the third significant foreign breach into U.S. government networks in recent months. Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyberespionage.
Cox said all federal employees should be given access to free credit monitoring and liability insurance “that covers the entirety of any loss attributable to the breach.”
As WND previously reported, Chris Roberts, the founder of OneWorldLabs, or OWL, said his search engine company just detected data from these hacked OPM files for sale or trade on “darknet,” the online presence that markets stolen data.