Chinese hackers successfully infiltrated a government database containing information related to security clearances on millions of American federal workers, according to a report.
The report, published on Friday by the Washington Post, said for the first time that government contractors were also impacted by the attack on computer systems used by the Office of Personnel Management, the federal agency that handles data and services related to the employment of federal workers.
Last week, the OPM acknowledged more than four million government employees — including two million prior employees — had been impacted by the compromise. The breach, which affected records related to the financial histories, living situations and associates of federal employees, was detected in April but was not announced until earlier this month because officials did not immediately know what had been taken and who might be affected.
Officials said they learned that federal employees might be impacted after conducting a forensic examination of the compromised systems. That investigation is still ongoing, and the true breadth of the compromise is not yet clear.
On Thursday, reports suggested that hackers were successfully able to obtain military records, veterans’ records and records related to the names, ages, addresses, birthdays, pay history, insurance history and social security numbers of current and past federal employees. That information came via a letter sent to OPM by the head of a union representing hundreds of thousands of federal workers.
“Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the target database, and that hackers are now in possession of all personnel data for every federal employees, every federal retiree and up to one million former federal employees,” wrote Jeffrey David Cox, the national president of the American Federation of Government Employees. Cox went on to alleged that OPM had left employees’ social security numbers unencrypted on government systems, something that the union called a “cybersecurity failure that is absolutely indefensible and outrageous.”
Officials at OPM and elsewhere are remaining tight-lipped about what exactly was compromised from various computer systems because the investigation is ongoing. The compromise took place in December, according to a senior Department of Homeland Security official quoted by the Washington Post, adding that “a lot of data” was allegedly stolen by hackers.
“It took a while to pinpoint what exactly went out the door because it happened six months ago,” the official told the Post.