OPM hack: 21 million people's sensitive details stolen in biggest cyberattack in US history

‘It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government,’ the FBI director said

Andrew Griffin
Friday 10 July 2015 05:25 EDT
Comments
The FBI is investigating the source of the hack
The FBI is investigating the source of the hack (AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers stole the most sensitive information of 21 million people in the US, it has been revealed, and nobody will say who did it.

An already huge breach of the US government’s computer systems was much bigger than previously thought, the Obama administration has revealed.

The scope of the data breach, believed to be the biggest in US history, has grown dramatically since the government first said earlier this year that hackers had gotten into the Office of Personnel Management's (OPM) personnel database and stolen records for about 4.2 million people.

Since then, the administration has acknowledged a second, related breach of the systems housing private data that individuals submit during background investigations to obtain security clearances.

That second attack affected more than 19 million people who applied for clearances, as well as nearly two million of their spouses, housemates and others who never applied for security clearances, the administration said.

Among the data the hackers stole was criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances.

The new revelations drew indignation from members of Congress who have said the administration has not done enough to protect personal data in their systems, as well as calls for OPM director Katherine Archuleta and her top deputies to resign.

Yet Ms Archuleta insisted she would not step down.

In a conference call with reporters, Ms Archuleta said the hackers also got hold of the user names and passwords that prospective employees used to fill out their background investigation forms, as well as the contents of interviews conducted as part of those inquiries.

Yet the government insisted there were no indications that the hackers have used the data they stole.

Numerous US lawmakers have said China was behind the attack. But Michael Daniel, President Barack Obama's cybersecurity co-ordinator, said the government was not yet ready to say who was responsible.

Officials have acknowledged that the same party was responsible for both of the breaches, which took place in 2014 and early 2015. Investigators previously said that the US government was increasingly confident that China's government, and not criminal hackers, was responsible for the extraordinary theft of personal information.

China has publicly denied involvement in the break-in.

Yesterday, during a round-table discussion with reporters, FBI director James Comey described the scope of the OPM breach as "huge".

"It's a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government," he said.

The administration says it has stepped up its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.

Additional reporting by Press Association

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in