The investigation of the Office of Personnel Management (OPM) hack is still under way. While not much has been released about this incident yet, the department has nonetheless provided some explanation of it.

 

A few observations have been compiled and shared by different agencies. Though not particularly comforting to the US workforce that is currently battling this data breach, this information can no doubt give their worries some direction.

  • This hack is the second such incident to have occurred, after the Anthem and Premera data breaches.
  • It is also worth mentioning here that the OPM was breached last year in a similar incident. However, this time the attack is larger in scale and the number of people affected is bigger than in the previous one.
  • China is being held responsible for the attack although the Chinese government has promptly denied all the accusations.
  • Over 4 million federal government employees have been affected by this data hack.
  • This attack was launched last December and discovered in April. This is enough to put in peril the information of many more users than the initial figure of 4 million affected that was quoted.
  • To substantiate the general claims that more than 4 million people have been affected, Bloomberg and the Associated Press have reported that the figure is around 14 million. This staggering number includes current and ex-federal employees in addition to people who have worked in the military and intelligence departments along with government contractors who worked in the 1980s!
  • This also calls into question the capability of EINSTEIN, the celebrated government detection program that is deployed here to identify and prevent such attacks.
  • Besides general information such as names, addresses, etc., hackers have also gained access to sensitive information of the employees with security clearances: the particulars that are recorded in the SF-86 forms.
  • The SF-86 forms also contain detailed employee history such as information about termination, reasons for the termination, criminal history and even psychological records.
  • One angle to this entire incident is that security clearance is done for specific contractors and employees of the OPM, people who are well placed in the department. This raises concern over the intentions of the hackers, as they could be compiling names and important data of people who hold high positions in the department to exploit later.
  • This form also contains data about Chinese nationals who’ve been in touch with US workers to pass delicate information but were secretive about the association. Based on this data, they could be identified and punished by the Chinese government.
  • If required after investigations, OPM will send out further alerts to notify the affected users about the hack.

So, in a nutshell, OPM is still working to determine the motive and the people responsible for this attack, and only time will tell whether the attackers' intentions were the ones shared above or whether there is much more to this than meets the eye.