14 DAY TRIAL // The investigation into the cyber intrusion on the US Office of Personnel Management (OPM) announced last week continues, but J. David Cox, president of the American Federation of Government Employees (AFGE), expressed concern about sensitive info on all federal employees having been stolen by the hackers.
OPM disclosed the breach on June 4, saying that the incident had been discovered in April during an “aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its various networks.”
The number of impacted individuals given by the office is about 4 million, including current and former federal employees.
AFGE believes the breach is more extensive
However, in a letter to OPM Director Katherine Archuleta, Cox said that based on “the sketchy information” offered by the office, the union believes that the asset targeted by the hackers was the Central Personnel Data File.
Cox added that little information was shared by the OPM and that AFGE thinks that “hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”
As far as the content obtained by the hackers is concerned, the union believes the intrusion exposed social security numbers (SSNs), military records and veteran’s status information, age, gender, race, and union status.
“Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox wrote in the letter dug up by journalist Matthew Keys.
Protection mechanisms offered by OPM are not sufficient
As part of the risk management, OPM is offering affected employees 18 months of free credit monitoring, but Cox pushes for increasing the duration of the protection to lifetime and liability insurance that covers any loss in connection to the breach.
AFGE represents over 670,000 federal employees in government departments and agencies in the executive branch, which makes it an important organization that should receive an exact account of the damage caused by the intrusion and what led to its occurrence, Cox complained.
According to Wall Street Journal, the incident may have been discovered during a sales demonstration for a network security solution that uncovered malware on OPM’s infrastructure.