Why the OPM hack is an ongoing cyber headache

The shadowy hackers that stole more than 21 million Social Security numbers in a huge breach of federal personnel files have created an ongoing cyber headache, experts warn, citing the data’s value to both criminals and cyber spies.

“It’s tremendously valuable from a criminal perspective. It could also be tremendously valuable from an intelligence perspective -- if these people have security clearances,” Reginald Hyde, executive director of the Cyber Institute at the University of Alabama, told FoxNews.com. “[The hack] could be to use that information to target people for some sort of intelligence.”

The Office of Personnel Management confirmed the scale of the data breach Thursday in a statement on the investigation into a pair of major hacks believed carried out by China.

“The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases,” it wrote. “This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.”

The statement also confirmed that some records include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints.

OPM Director Katherine Archuleta resigned Friday in the wake of the massive data breach.

Hyde warned that the hack, the latest in a string of high-profile cyberattacks, has left millions of people vulnerable to criminals. “If we assume that there was criminal motivation, all of the Social Security numbers are very useful in identity theft,” he told FoxNews.com. “If  [criminals] don’t use them directly, they resell them on the data black market – a lot of data is stolen in the open, visible web, then used in the dark web.”

Murky recesses of the hidden web, so-called “darknets” are private networks built from connections between trusted peers using unconventional protocols. Darknets are just one part of what is known as deep web – a vast network that is not indexed by search engines such as Google and Bing.

Set against this backdrop, the OPM hack is particularly worrying, according to cybersecurity expert Pierluigi Paganini, co-author of the book “The Deep Dark Web” and founder of the Security Affairs blog.

“We all [know] these information criminals can do pretty much everything they want -- like identity theft, threats,” he wrote in a blog post Friday. Worse still, he added, no one knows who holds the stolen information.

The OPM says that it is taking aggressive steps to bolster its cybersecurity, which include completing deployment of two-factor authentication, expanding continuous monitoring of its systems, and hiring a new cybersecurity adviser.

Nonetheless, the sheer scale of OPM attack could embolden hackers, leading to yet more attacks, warns Paul Martini, CEO of security specialist iboss Cybersecurity. “The long-term implications for people that have their Social Security numbers stolen are massive and we’re only going to see more attacks of this nature if the government doesn’t get serious about protecting its data,” he wrote, in an email to FoxNews.com.

Follow James Rogers on Twitter @jamesjrogers