These days, the news of a data breach is not surprising. It seems nearly every day, a company is coming forward to announce an infiltration. Large-scale attacks have taken place in every sector, with enterprises, financial organizations and government agencies representing the most-targeted firms.
However, a recent breach of a federal database shows that hackers still have some surprises in store when it comes to intrusions and data compromise. Some are calling this attack the most prolific in history, and for good reason.
Office of Personnel Management breached
According to Washington Post contributor Ellen Nakashima, U.S. officials announced in early June that they would be notifying an estimated 4 million current and former federal employees that their information was potentially compromised after hackers breached a computer system belonging to the Office of Personnel Management. Investigators discovered that the breach initially took place in December 2014, but the attack wasn’t identified by the OPM until April.
Later investigations showed that the breach was more than 4 times larger than first thought, impacting an estimated 18 million federal employees, according to CNN. After examining the OPM’s internal data, FBI Director James Comey told Senators that the information of an additional 14 million was also compromised during the breach. This includes not only current and former workers, but also those who previously applied for government jobs but were not hired.
The breached database included a swath of employee information, such as Social Security numbers, job assignments, performance ratings and other training details. While officials noted that no data related to employee direct deposit was stolen, the office declined to comment about the possible compromise of other payroll information.
“They could not say for certain what data was taken, only what hackers gained access to,” Nakashima wrote.
This isn’t the first time the OPM has discovered a breach of its internal IT systems. Nakashima noted that an earlier attack was uncovered in March 2014, spurring the office to re-examine its security. OPM CIO Donna Seymour noted that after this breach, the organization took “aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks.” Although these tools helped the agency discover this most recent breach, the added capabilities were not enough to prevent hackers from infiltrating sensitive information a second time.
In this first attack, cybercriminals targeted a system created to manage sensitive employee data for those applying for special clearances. This included financial information, details about employees’ family members and other personal data.
Victims: More than expected
Although initial reports stated that the information breached by hackers only pertained to current and former federal employees, a report from ABC News found that compromised data may have belonged to individuals outside the government agency as well. The Hill contributor Ben Kamisar noted that this might have taken place through breached SF-86 forms, which include information related to employee background checks such as information about workers’ friends and family as well as character references.
“If the SF-86’s associated with this hack were, in their entirety, part of the stolen information, then that would mean the potential release of a staggering amount of information, affecting an exponential amount of people,” an anonymous U.S. official said.
The result of suspected Chinese hackers
While the attack is still being investigated, some officials suspect it was the work of Chinese hackers. One such official to share this opinion is House Homeland Security Committee Chairman Michael McCaul, R-Texas, who also pointed out that this attack is “the most significant breach of federal networks in U.S. history.”
“In my judgment, this was an attack by China against the United States government,” McCaul said according to CBS News. “It quantifies to espionage. And that raises all sorts of issues that we need to deal with.”
McCaul went on to say that “threat indicators” in this case point to China, and suggest the possibility of a nation-state sponsored attack. McCaul also speculated that hackers’ intent in this breach was not to steal financial information, but to glean details about the government and its employees “to exploit them so that later down the road they can use those for espionage to either recruit spies or compromise individuals in the federal government.”
The White House refuses to point fingers
While McCaul and others are blaming Chinese cybercriminals for the breach, White House officials quickly noted that they aren’t pointing any fingers until the investigation has been completed. And even then, details might not be shared with the public.
“No conclusions about the attribution of this particular attack have been reached at this point,” said press secretary Josh Earnest. “Even if a conclusion is reached about who is responsible, I can’t guarantee that our law enforcement professionals will assess that making that information public is in the best interest of their investigation.”
A need for improved security
Overall, the attack shows the need for increased security measures, especially within federal agencies. This breach illustrates how an attack can quickly grow to compromise the information of not only employees and officials, but their friends and family as well. As the government continues to house sensitive personal information on its workers and other citizens, it is critical that agencies implement the highest-grade encryption and authorization protection possible to help prevent an infiltration.
In addition, the OPM’s use of new, advanced tools shows the difference technology can make. These systems – added after the first breach – enabled the office to pinpoint the second attack, allowing officials to work quickly and mitigate the potential damage.
This case also shows that government agencies still have a long way to go in their security efforts. Although the OPM was able to discover the breach, it wasn’t until months after the fact. Government agencies need the best in monitoring technology to help ensure that any suspicious activity – including that connected with a potential data breach – is quickly brought to the attention of key employees and investigated.