A huge data breach exposing personal information of 4m current and former federal employees has been revealed, with insiders already blaming Chinese hackers. The attack focused on the IT systems at the Office of Personnel Management, the agency responsible for the civil service, and was spotted in April this year. Among the data believed to have been taken are individual employeee job assignments, along with their performance ratings and information on what training they had received.
The OPM confirmed this afternoon that the breach came to light during its update of cybersecurity policies and infrastructure. In fact, the hack took place before tougher security controls were implemented, the agency says.
“Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network” Office of Personnel Management
While the OPM’s official statement is yet to assign blame for the hackers, suggesting only that the investigation with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the FBI is still underway, government sources told the Washington Post that China is the culprit.
Those insiders also suggested that background checks and detailed clearance investigations were not included in the ill-gotten data haul.
The OPM will be contacting the roughly four million people believed to be affected, though warns that the number may still increase as the FBI and US-CERT dig into the specifics.
In addition to the warning, those involved will be offered free credit report access along with an 18-month subscription to credit monitoring and identity theft insurance with $1m coverage.
Even without the full extent of the situation known, experts are already calling the hack the biggest theft of government data in history.