WASHINGTON, (Reuters) - Data breaches at the U.S. government's
personnel management agency by hackers, with suspicions centering on
China, involves millions more people than previously estimated, U.S.
officials said on Thursday.
The Office of Personnel Management
(OPM) said data stolen from its computer networks included Social
Security numbers and other sensitive information on 21.5 million people
who have undergone background checks for security clearances.
That
is in addition to data on about 4.2 million current and former federal
workers that was stolen in what the OPM called a "separate but related"
hacking incident. Because many people were affected by both hacks, a
total of 22.1 million people were affected, or almost 7 percent of the
U.S. population.
The breach had already been considered one of the most damaging on
record because of its scale and, more importantly, the sensitivity of
the material taken.
Those exposed included 19.7 million who
applied for the clearances - current, former, and prospective federal
employees and contractors - plus 1.8 million non-applicants, mostly
spouses or co-habitants of applicants, the agency said.
Lawmakers
from both parties demanded OPM Director Katherine Archuleta's removal.
House of Representatives Speaker John Boehner, a Republican, said
President Barack Obama "must take a strong stand against incompetence in
his administration and instill new leadership at OPM."
"The
technological and security failures at the Office of Personnel
Management predate this director's term, but Director Archuleta's slow
and uneven response has not inspired confidence that she is the right
person to manage OPM through this crisis," added Virginia Democratic
Senator Mark Warner.
Archuleta said neither she nor OPM chief
information officer Donna Seymour would be resigning. "I am committed to
the work that I am doing at OPM," Archuleta told reporters during a
conference call. "I have trust in the staff that is there."
The White House said Obama retains confidence in Archuleta.
CHINESE ROLE
The
United States has identified China as the leading suspect in the
massive hacking of the U.S. government agency, an assertion China's
Foreign Ministry dismissed as "absurd logic."
Asked during a
conference call with reporters on Thursday whether China was
responsible, a White House National Security Council official, Michael
Daniel, said "we're not really prepared to comment at this time on the
attribution behind this event."
Daniel, special assistant to the
president and cybersecurity coordinator at the National Security
Council, said that "at this point the investigation into the attribution
of this event is still ongoing and we are exploring all of the
different options that we have."
OPM said the stolen personal
identification data included: Social Security numbers; residency and
educational history; employment history; information about immediate
family and other personal and business acquaintances; and health,
criminal and financial history. Also stolen were about 1.1 million
fingerprints, the agency said.
Since they were revealed last
month, the hacking incidents have alarmed the millions of Americans
affected. OPM said in a statement that its investigation had found no
information "at this time" to suggest any misuse or further
dissemination of the information stolen from its systems.
OPM said
it is highly likely that anyone who went through a background
investigation after 2000 was affected by the cyber breach. Those who
underwent background checks before 2000 might be impacted but it is less
likely, the personnel agency said.
"Rather than simply place
blame on the hackers, we need to acknowledge our own culpability in
failing to adequately protect so obvious a target," said the top
Democrat on the House of Representatives intelligence committee, Adam
Schiff.
The Social Security numbers are just the tip of the
iceberg. The critical information, which was not encrypted, involves a
complete rundown of the personal lives of some 90 percent of applicants
for security clearances, mainly excepting most undercover CIA agents.
That
includes drug use, romantic histories and close friends abroad of those
in the military, National Security Agency (NSA) and sensitive State
Department posts, among many others, essentially a road map for what
weaknesses might be used for blackmail by a foreign power.
Though
not attributing the attack in public to China, investigators have told
Reuters that their prime suspect is a team tied to that nation's
Ministry of State Security. The evidence includes a specific piece of
malicious software and the use of a stolen digital certificate, both of
which had been seen in only a small number of attacks that had been tied
to the same group.
Dmitri Alperovitch, chief technology officer
at security firm CrowdStrike, said his company's analysis of data about
the breach provided by the government made it clear that one or another
part of the Chinese government directed the hacking.
Culled from:
Huffington Post
Image credit: engineersgarage.com
No comments:
Post a Comment