The U.S. government admitted Tuesday that it failed to inform the 21.5 million federal employees, federal retirees, and former employees of the security breach at the Office of Personnel Management (OPM), discovered nearly four months ago.
The OPM announced that the Department of Defense would start submitting notifications to those affected “later this month.” Officials added that the process may take several weeks, while notifications would be handed personally to the victims of the hack.
Moreover, the U.S government hired a new contractor to protect the database from further hacks. According to OPM, a $133 million contract was awarded to Identity Theft Guard Solutions LLC for ID theft protections for the next three years. The company would provide identity and card credit theft protections, theft insurance to both federal employees and their non-adult family members.
Hackers stole millions of social security numbers, tens of thousands of forms required when applying for national security positions, which contained sensitive data about college roommates and family members, and zillions of personal data on veterans, federal employees, and the military including birth, home address, job performance life insurance, pension, age, gender, and race.
More than 1 million fingerprints were also leaked compromising hundreds of U.S. spies because they now can be identified through their fingerprints although they may change their names.
The leaked documents may also contain sensitive data on drug abuse, fines, and arrests.
The Federal Bureau of Investigation announced that hackers were located in China. It is unclear whether the Chinese government has sponsored the attack since Beijing denied any involvement.
But anonymous sources claim that the Chinese military is working on a database with all the stolen information on U.S. federal employees.
Nevertheless, the U.S. government denied that they had any information on criminals trying to use the stolen data for nefarious purposes. But if the theory is correct, hackers may use the database and leaked e-mail addresses to insert spyware in the networks of federal agencies and steal even more data.
Some security experts urged the U.S. government to switch the management of employee data from OPM to another agency since OPM failed on multiple levels to secure the data. For instance, social security numbers of federal employees were not encrypted during the time of the hack. Obama administration said that it was considering the possibility.
The federal investigation into the hack is ongoing, but federal investigators complained to their superiors that the OPM was slowing the investigation by giving them misleading or incorrect information.
Image Source: Wikimedia