OPMData systems at the Office of Personal Management (OPM) were the target of a massive cyberattack which has resulted in the theft of sensitive information for over 21 million people in US.  That number is more than five larger than the number originally revealed a month ago when the news of the breach was first revealed.

Members of Congress were briefed on the scope of security breach Thursday, which now includes 19.7 million applicants for security clearance at government jobs as well as 1.8 million relatives and associates.  Among the stolen data were criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances. The hackers also obtained user names and passwords that prospective employees used to fill out their background investigation forms, as well as the contents of interviews conducted as part of those investigations.  FBI director James Comey described the scope of the OPM breach as “huge”.

“It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government,” he said.

While no one has been officially blamed for the attacks, investigators previously told The Associated Press that the U.S. government was increasingly confident that China’s government, and not criminal hackers, was responsible for the security breach.  Despite allegations, the Chinese government has publically denied all involvement in the breach.

In the wake of the reveal on Thursday, the director of OPM has resigned after demands on both sides of congress.  The administration is now working towards efforts to improve its cybersecurity efforts with the proposal of new legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.

If you underwent a background investigation through OPM in 2000, or afterwards, it is highly likely that your information was part of data leaked in the recent breach.  If you suspect your information has been compromised, you should visit the OPM official website at www.opm.gov/cybersecurity for more information about the breach and safety precautions you should take.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer