OPM now says 21 million Social Security numbers of government workers hacked
When the Office of Personnel Management announced last April that about 4.5 million former and current government workers had their personal information hacked by an unknown entity, Congress was shocked that so many government employees were put at risk.
Now that OPM has revealed that the number of workers hacked is five times higher than previously thought, Congress is calling for the head of the agency to step down. Katherine Archuleta, who presided over this unmitigated disaster, is dismissing calls for her resignation.
More than 21.5 million people who underwent background checks since 2000 had their Social Security numbers stolen as well as their private lives – including personal information like medical records – violated in what the FBI is calling a "threat to national security."
Investigators ultimately determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen and 1.8 million relatives and other associates also had information taken, according to OPM. That includes 3.6 million of the current and former government employees for a total of 22.1 million.
"If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach," OPM's statement said today.
Even before today's announcement, there was little doubt that the universe of victims was vastly larger because the hackers had access to far more than personnel records, including files associated with background investigations and information on government workers' families, sources said.
In fact, the hackers allegedly rummaged through various OPM databases for more than a year -- and lawmakers and U.S. officials alike have described the breach as a significant threat tonational security.
"It is a huge deal," FBI Director James Comey told a Senate panel on Wednesday.
Since reports surfaced saying more than just personnel records were stolen, the Obama administration has publicly maintained the theft of background-investigation files was a "separate incident" still under investigation. Some U.S. officials and lawmakers believe that distinction -- encompassing the same cyber-campaign -- kept the full scope of the OPM breach hidden for weeks.
The theft of 19 million SF86 forms is about as bad as it gets for our national security. These forms have highly sensitive personal information on them – the motherlode for spies looking to turn an asset. At least the potential is there for more breaches of other government computer networks, perhaps some of them even more sensitive.
The fact is, many bureaucrats would rather have lovely furniture than address cyber threats. The hack went on for two years without being discovered because OPM refused to spend the money to overhaul their cyber security. Once they did, it was too late.
This story is just getting started. I'm sure congressional hearings on the hack will reveal even more shocking incompetence.