Officials: Data Breach May Have Affected Up To 4 Million Current, Former Federal Employees
WASHINGTON (CBSNewYork/AP) -- China-based hackers were being blamed Thursday for a data breach that may have left personal information vulnerable for current and former federal employees around the country.
As CBS2's Tracee Carrasco reported, in April, the U.S. Office of Personnel Management detected a cyber-intrusion affecting its information technology systems and data, which had happened before the office recently implemented tougher security controls.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.
``The FBI is conducting an investigation to identify how and why this occurred,'' the statement said.
The federal government is one of the largest employers in the world, and the extent of the breach is not yet fully known.
"That takes a long time to figure out, and at that point you can really know what the damage is," said security expert James Mottola.
The OPM warned that "personally identifiable information" may have been vulnerable – and about 4 million people might have had their information compromised.
Mottola, a 25-year veteran of the United States Secret Service, said the Office of Personnel management is one of few departments that touches every department in the federal government.
"They could potentially have all the employee records, personnel records, time, attendance, Social Security number, date of birth, and possibly even payment information," Mottola said.
The Office of Personnel Management also issues security clearances -- or access to certain classified information -- that may have been compromised too.
"Just to really know how high in the State Department or other agencies that those folks are, and what kind of access to information they have, it makes them a more valuable target," Mottola said.
The hackers were believed to be based in China, said Sen. Susan Collins (R-Maine).
"We're talking a sophisticated hacker, or a sophisticated group of hackers, funded by government -- a formidable foe," Mottola said.
U.S. administration officials said it is not clear whether the hackers are part of the Chinese government, or are working indirectly on its behalf.
Collins, a member of the Senate intelligence committee, said the breach was ``yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.''
A spokesman at the Chinese Embassy in Washington objected to the allegations that China was involved.
"Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not
responsible and counterproductive," spokesman Zhu Haiquan told CNN. "Cyberattack is a global threat which could only be addressed by international cooperation based on mutual trust and mutual respect."
A U.S. official who declined to be identified said the data breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
``This is an attack against the nation,'' said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage. The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information, he said.
The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The OPM conducts more than 90 percent of federal background investigations, according to its website.
The agency said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected. The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.
"Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM," Office of Personnel Management Director Katherine Archuleta said in a news release. "We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted."
In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.
Cyber-security experts also noted that the OPM was targeted a year ago in a cyber-attack that was suspected of originating in China. In that case, authorities reported no personal information was stolen.
One expert said it's possible that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches, said Rick Holland, an information security analyst at Forrester Research.
``Given what OPM does around security clearances, and the level of detail they acquire when doing these investigations, both on the subjects of the investigations and their contacts and references, it would be a vast amount of information,'' Holland added.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn't detect the breach until after so many records had been copied and removed.
``DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,'' the statement said.
Rep. Adam Schiff (D-California), ranking Democrat on the House intelligence committee, called the hack ``shocking, because Americans may expect that federal computer networks are maintained with state of the art defenses.''
Ammon said federal agencies are rushing to install two-factor authentication with smart cards, a system designed to make it harder for intruders to access networks. But implementing that technology takes time.
(TM and © Copyright 2015 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2015 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)
