White hat hacker: Data breach more serious than gov't admits
Insight from cybersecurity expert David Kennedy
A major cyberattack on U.S. federal personnel data was far graver than the Obama administration has acknowledged, with hackers obtaining information on every federal employee, the president of a government workers union claimed Thursday.
In a letter to the director of the Office of Personnel Management (OPM), J. David Cox, national president of the American Federation of Government Employees (AFGE), said that based on the information provided by the OPM, the hack was much broader than previously thought.
“Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees,” Cox said in the letter dated Thursday.
The OPM, which acts as the human resources department for the federal government and conducts more than 90 percent of federal background checks, said last week that it detected a “cyber-intrusion” into its systems in April, and that the information of 4 million current and former federal employees had been compromised, the largest data breach in federal government history.
Cox went on to say that the hackers have accessed a host of information that includes Social Security numbers, military records, addresses, birth dates, pay histories, health insurance and pension information. The AFGE also believes that Social Security numbers were not encrypted, which Cox calls “a cybersecurity failure that is absolutely indefensible and outrageous.”
When asked for comment on the letter, a White House spokesperson told Fox News: "I’d note for you that OPM in its announcement of this incident noted that they would be reaching out to about four million current and former federal employees whose PII (personally identifiable information) may have been compromised, and that seems to be what the AFGE release is saying too."
Sen. Harry Reid, D-Nev., said on the Senate floor that the December hack was carried out by "the Chinese" without specifying whether he meant the Chinese government or individuals. Reid is one of eight lawmakers briefed on the most secret intelligence information.
Sen. Susan Collins, R-Maine., a fellow intelligence committee member, has also said the hack came from China, saying the breach was "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."
U.S. officials have declined to publicly blame China, which has denied involvement.
In the letter, Cox called for all federal employees to be given free credit monitoring for life and liability insurance “that covers the entirety of any loss attributable to the breach” and blasted the current system's ability to answer affected employees' questions.
“Federal employees who have been victimized by this breach deserve more than a difficult-to-navigate website and call center contractors who do not know answers to questions that go beyond a FAQ template,” Cox said.
The OPM has sought to downplay the damage, saying what was taken "could include" personnel file information such as Social Security numbers and birth dates.
A well-placed intelligence source told Fox News the breach involved an "advanced persistent threat" designed to harvest information covertly without crippling systems and that the attack bears similarities to those carried out by nation-states, not by criminal syndicates.
The Associated Press and Fox News' Catherine Herridge, Lesa Jansen and Matt Dean contributed to this report.
Get the latest updates from the 2024 campaign trail, exclusive interviews and more Fox News politics content.
More from Politics
