The White House revealed in early June that malicious actors believed to be backed by China were able to breach the computer networks of the U.S. government’s Office of Personnel Management (OPM). Now, officials from the agency have released a statement saying that the breach was more widespread than originally thought and that a database containing sensitive security clearance information on millions of government employees and contractors was compromised.
The most recent breach comes on the heels of another security intrusion of an OPM personnel system. In fact, had the original hack not taken place, the second breach might never have been discovered: investigators noticed similar anomalies in both attacks, which are believed to be the work of a single cybercrime campaign orchestrated by China.
“This is potentially devastating from a counterintelligence point of view,” Joel Brenner, a former top counterintelligence official for the U.S. government, said in an interview with The Washington Post. “These forums contain decades of personal information about people with clearances . . . which makes them easier to recruit for foreign espionage on behalf of a foreign country.”
The newest breach affected at least 4 million current and former federal employees in all levels of government. According to the agency, data on employees as high up as cabinet secretaries may have been accessed during the hack. However, the president and vice president’s data was not compromised.
The background check database that was involved in the hack stored information on employees’ financial histories, current and past residencies, names of children and relatives, foreign trips taken and records of any contact with foreign nationals. According to Matthew Olsen, former general counsel for the National Security Agency, the information exposed during the breach could be used to target people in a variety of ways, whether through blackmail or to punish those in China who have connections to people inside the U.S.
Hackers remained unnoticed for months
The OPM database was originally breached in December 2014, but wasn’t discovered until April 2015, according to senior Department of Homeland Security official Anne Barron-DiCamillo. It wasn’t until even later, in early May, that it was definitively determined that employee data was stolen.
“It took a while to pinpoint what actually went out the door because it happened six months ago,” said Barron-DiCamillo.
In the wake of the breach, and the realization that it took four months to detect the intrusion, the White House has ordered all federal agencies to make immediate improvements to their cybersecurity systems in order to fix some basic problems. The new changes include implementing multi-factor authentication that requires all employees to use personal identity verification, or smartcards. United States CIO Tony Scott has also announced the creation of a Cybersecurity Sprint Team, which will lead a 30-day review of the government’s security policies and practices. At the end of the review period, all agencies will have to provide a report detailing their progress.
Most of the government’s new security requirements stress basic defense measures that can often be overlooked, according to cybersecurity expert Ken Westin.
“Many times these fundamentals can have a broader impact on an organization’s security posture, so it is critical that new programs or tools are implemented on top of a mature set of layered security controls,” said Westin.
Layered security solutions like those offered by Faronics give businesses the level of defense and protection necessary to keep up with today’s growing cyber threats.