Although reports of the incident only started coming out on Thursday, June 4, the breach had apparently been detected as early as April and may have actually happened far earlier than that, as far back as late last year. While a federal investigation into the origins of the cyber attack is still underway, officials are currently attributing the breach to Chinese hackers, though no official comment on that connection has been made as of yet.
As The New York Times reports, this case marks the third time in just the past year that federal government computer systems were compromised by a foreign hacker. Last year, Russian hackers breached the White House and State Department’s email servers, even obtaining unclassified emails from President Obama’s account. A second incident last summer also saw cyber criminals hack their way into the OPM, stealing files from tens of thousands of workers that had applied with the office for top-secret security clearance. It is believed that Chinese hackers were also behind that OPM breach.
This latest attack appears to be far more comprehensive. According to the Times, the compromised data of the millions of past and present government employees included employee Social Security numbers and other undisclosed pieces of “personal identifying information.”
“We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace,” said Joshua Campbell, an FBI spokesman, in an official statement. OPM director Katherine Archuleta added that, “Protecting our federal employee data from malicious cyberincidents is of the highest priority at O.P.M. […] We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
The timing of the incident is especially bad, as the breach occurred just before OPM could finish implementing a new series of cyber security protocols. These new safeguards would restrict remote administrator access to the office’s network and review any external connection attempts made through the web.
Officials within the Obama Administration disclosed that while they had first confirmed the data breach over a month ago, they had been taking steps to coordinate with other federal agencies and ensure other departments were insulated from possible cyber attacks before going public. Nevertheless, this latest breach drew a new round of criticisms from legislators like Representative Adam Schiff (D-CA), the Intelligence Committee’s senior Democrat member, who launched a series of Twitter posts in which he said that an overhaul of federal cyber security was “perilously overdue.”
While you can take steps of your own to protect your personal information, once it’s in the hands of a third-party — such as the government or your employer — it’s impossible to determine if or when a cyber criminal may ever be able gain access to it. Cases like these serve as important reminders that oftentimes the best form of identity protection is to sign up for a credit monitoring service as soon as possible. Credit monitoring services can alert you of certain activities in your credit files that may indicate potential fraud.