Leaders Edge

Last week it was announced that the U.S. Office of Personnel Management was hacked, exposing the records of over 4 million current and former government workers. So here is what we know and what we think we know about the data breach.


Only have a few minutes? Check out this 3-minute CNN video overview.

What we know:

  • 4 million current and former federal employees had their personal data compromised when hackers stole OPM’s Central Personnel Data System File.
  • Compromised information included names, addresses, dates of birth, pay grades, records of personnel actions, as well as pension, insurance, and health plan details, and Social Security numbers.
  • The group that hacked OPM is associated with the data breaches at health insurers Anthem and Premera.
  • The data goes back to at least 1985. One official stated, “This is deep… This means that they potentially have information about retirees and they could know what they did after leaving government.”
  • OPM failed to protect itself after suffering a previous data breach 9 months prior.
  • CISA is once again in the spotlight, with the White House and many Senators taking to the airwaves to call for the bill to be brought quickly to the floor. Opponents warn against moving too quickly towards “flawed” legislation.
  • China denies any involvement in the breach.

What we think we know:

  • Senator John McCain (R-Ariz.) told The Hill that the hack “could be much worse than previously imagined,” although he did not go into specifics of what that could mean.
  • As more details come to light, many are pointing fingers at the Chinese state. Some believe that the Chinese government is building a massive database of Americans’ personal information by targeting government organizations and health care companies. It is also thought that these attacks were not intended to place personal information on the black market for financial gain, but rather to gain more intelligence and “achieve an age-old goal of espionage: recruiting spies [and] gaining more information on an adversary.”
  • Chinese state-backed hacker group “Deep Panda” was most likely behind the attack.
  • OPM’s files were probably not encrypted and the breach was likely the result of a zero-day malware attack.
