Hackers stole 21.5 million Social Security numbers after breaching a federal agency’s personnel database, the U.S. Office of Personnel Management (OPM) announced Thursday.
The breach likely affected every person given a government background check over the past 15 years, according to the agency’s announcement.
The scale of the breach was discovered in May during an interagency forensics investigation.
The OPM says the breach resulted in the theft of “sensitive information” from the agency’s background investigation database, including:
- Social Security numbers of 21.5 million people (including 19.7 million who applied for a background investigation and 1.8 million nonapplicants, primarily spouses or cohabitants of applicants)
- “Some” findings from interviews conducted by background investigators
- About 1.1 million fingerprint records
According to the agency’s announcement:
If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.
In the wake of the findings, the White House announced that OPM Director Katherine Archuleta was resigning, Reuters reports.
In its original announcement, OPM stated that there “is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.”
This is the second major breach discovered by the Office of Personnel Management in the last few months.
In early June, the OPM announced details of a breach the agency had discovered in April. The agency concluded that this breach likely resulted in the theft of personnel data associated with 4.2 million current and former federal employees.
Gary Steele, chief executive of Proofpoint, tells Fox Business that his cybersecurity company has had to innovate rapidly to keep up with hackers’ evolving tactics.
Organizations like the OPM must also evolve in terms of protection, he says:
“Organizations are much more vulnerable than they have ever been. Traditional anti-virus systems don’t protect from these new forms of attacks.”
Are you concerned that business and the federal government are not protecting your information? Share your thoughts in our Forums. It’s a place where you can swap questions and answers on money-related matters.