US government admits 21.5 million records taken in OPM hack

Over 21.5 million people have been affected by a second major data breach at the Office of Personnel Management (OPM).

This is a significantly higher number than was initially suggested, and has resulted in the loss of personal data including names, addresses and Social Security numbers.

The OPM houses personal information for all federal employees.

The department officially announced in June that the personal data of 4.2 million individuals had been stolen in what they are now calling a "separate but related" incident.

OPM's Interagency Incident Response Team explained that the second breach has exposed the Social Security numbers of 21.5 million individuals.

This number comprises 19.7 million people who applied for a background investigation, and 1.8 million non-applicants such as spouses or co-habitants of applicants.

"Background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation," said the OPM.

"[But] there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of federal personnel were impacted.

"These records include identification details such as Social Security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history, and other details."

The OPM said that it will provide assistance to those affected by the hack, including identity theft insurance, and fraud and credit monitoring.

"The protections in this suite of services are tailored to address potential risks created by this particular incident, and will be provided for a period of at least three years at no charge," added the department.

The hack uncovered sensitive data from everyone who applied for federal employment from as far back as 2000.

FBI director James Comey said during a recent US Senate appearance that his own information is likely to have been compromised, showing the wide scope of the breach.

"If an individual underwent a background investigation through OPM in 2000 or afterwards it is highly likely that the individual is impacted by this cyber breach," said the OPM statement.

OPM director Katherine Archuleta has initiated a full-scale review of the department's IT systems to identify and mitigate any other vulnerabilities that may exist.

"To those that have been directly affected by this theft of information, I truly understand the impact this has on our current and former federal employees, our military personnel and our contractors," she said.

Archuleta confirmed that she will not step down over the incident, despite calls to resign by House of Representatives speaker John Boehner and senator John McCain.

The hack on federal records is said to have originated in China, but the Chinese government has denied the accusation.

"Maybe it is better to clarify one's own matters before rushing to make unfounded accusations against others, so as to make oneself sound more convincing," said foreign ministry spokesperson Lu Kang in June.

• Tweet  
• Facebook  
•  
•  
• Save this article  
• Send to  

• Topics
• Government
• Security
• Privacy
• Government
• USA
• cyber-crime
• China