Last month, we shared with you the shocking news that the federal Office of Personnel Management (OPM) had been compromised in a data breach. Initial estimates of the damage indicated that the personal data — including names, Social Security numbers and government security clearances — of up to 4 million past and present federal workers may have been leaked, putting them all at risk of identity theft. Unfortunately, a follow-up investigation has revealed that the outcome is actually much worse than first believed — more than five times worse, in fact, with a new report finding that as many 22 million people may have been compromised.
ABC News reports that the number includes 19.7 million applicants for government security clearances — including 3.6 million current and former government employees — as well as another 1.8 million relatives or other associates. Even more alarming is the reach of these federal records, with the OPM announcing in an official statement that anyone who had undergone a background check performed by the agency as early as 2000 is “highly likely” to have been affected.
For weeks, OPM investigators feared that because the hackers involved had obtained background check reports and other stored information on government employees’ families, in addition to the personnel records of those employees, there would have been a “universe of victims […] vastly larger” than initially estimated, writes ABC News. That fear was unfortunately substantiated here, with a quintuple rise in the potential victimization rate.
Just as disturbing was the realization that the hackers — whose possible, but alleged, ties to the Chinese government are still under investigation — had over a year to scour through OPM databases and steal these records before the agency had even discovered the breach. ABC News reports that the cyber attack began in late 2013 and was only just found out this past April.
While the Obama Administration and senior OPM officials maintain that the theft of employee personnel records and the theft of background-check reports were “separate but related” incidents, the need to disassociate the two from one another, as well as make sure that victims across both thefts weren’t being double counted, significantly delayed investigations — consequently causing the agency to draw criticism from lawmakers.
“U.S. intelligence and law enforcement officials are particularly concerned over the theft of forms known as SF-86s that current and prospective federal workers, including certain military personnel and even contractors, submit for security clearances,” the news outlet writes. “The forms require applicants to provide personal information not only about themselves but also relatives, friends, ‘associates’ and foreign contacts spanning several years […] Such information could be exploited to pressure or trick employees and U.S. officials into further compromising their agencies, or they could provide ways for hackers to target people outside [the] government.”
Incidents like these are stark reminders that no matter who we entrust our personal data to, there’s always a risk of a breach, and with it the possibility of ID theft. You can take matters into your own hands, though, with a credit monitoring service. Although these tools can’t completely guarantee identity protection, they can alert you in the event of certain signs of potentially fraudulent activity on your credit files, thereby allowing you to take more proactive steps in stopping identity thieves in their tracks.