U.S. cyber attack may be 4 times larger than original reports

Posted Jun 23, 2015 by Caroline Leopold
An estimated 18 million people may have been affected by recent hack of U.S. government data — a number far greater than what is publicly acknowledged. A Chinese group is suspected to be responsible for the theft of data over several months.
Director Katherine Archuleta leads the U.S. Office of Personnel Management (OPM)  the agency respons...
Director Katherine Archuleta leads the U.S. Office of Personnel Management (OPM), the agency responsible for attracting and retaining an innovative, diverse and talented workforce to make the Federal government a model employer for the 21st century.
U.S. Department of Agriculture
CNN broke news Tuesday that the cyber attack on the Office of Personnel Management (OPM) may be worse than original reports. U.S. officials briefed on the investigation say the security breach affects 18 million current, former and prospective federal employees, which is more than four times the 4.2 million the OPM has acknowledged. It is possible the 18 million estimate may grow larger because the personal data of people who applied for government jobs, but never worked for the government, may also have been leaked.
The Obama administration announced the security breach on June 4 and that 4.2 million federal employee records stored at the OPM may have been compromised. The data leak had gone on for some time, possibly months, and among the stolen data was personal, private information collected for security clearance purposes. A week later the President said that a second, separate breach of the OPM's computer system had been found, which likely originated from the same hackers.
U.S. investigators suspect a Chinese group was involved in the attack, which may have been affiliated with the government. Forensic experts believe the attack on the OPM was similar to attacks earlier this year at health insurance companies Anthem and Premera Blue Cross, which may have breached as many as 80 million member records.
U.S. officials believe the breach could be the biggest ever of the government's computer networks and may involve past and current federal workers at nearly every agency. Congressional leaders have initiated questioning of the OPM to understand how the agency could have kept personnel data in an nonsecure, unencrypted form.
At a House oversight panel, Office of Personnel's Management Director Katherine Archuleta received tough questions about lax security practices. Representative Stephen Lynch, (D-Mass.), said "I wish that you were as strenuous and hardworking at keeping information out of the hands of hacker as are at keeping information out of the hands of Congress" when Archueta did not give a direct answer about actions to not encrypt confidential personal data.