James Comey briefed US Senators in a closed-door meeting

Jun 24, 2015 11:41 GMT

In a public statement published by the US Office of Personnel Management (OPM), the agency said that hackers stole highly sensitive information on 4 million US federal employees, but that figure may be a considerable underestimate, as FBI boss James Comey allegedly relayed to the Senate a number 4 times larger.

At the beginning of June, OPM announced that in April it found evidence of a cyber intrusion that resulted in data available in personnel records (names, social security numbers, date and place of birth, current and former addresses, job assignments, training) falling into the hands of an unknown party.

Although there is no official attribution, sources close to the investigation have shared with different news outlets that Chinese actors are believed to be behind the attack.

Info may extend to prospective employees, too

According to CNN, citing officials informed on the matter, Comey said in a closed-door briefing to US Senators that the estimated number of affected individuals (current and former federal employees) was 18 million.

The individuals may also include those who applied for a job in a government department but did not get it.

OPM is tasked with hiring and retaining government workers from various federal agencies, including intelligence institutions and people with high security clearances.

Following the incident, J. David Cox, president of the American Federation of Government Employees (AFGE), wrote in a letter to OPM Director Katherine Archuleta that the union believed that the social security numbers were not stored in an encrypted state, which would give the threat actor direct access to the data.

Furthermore, Cox said that the union believed the hackers were after the Central Personnel Data File and that they had “all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

Date of the intrusion remains undisclosed

Unnamed officials told CNN that the intrusion was made possible through KeyPoint Government Solutions, an OPM contractor that suffered a breach last year, as investigators found that security credentials for the contractor were used to access the OPM system.

However, since the date of the breach has not been determined yet, it is possible that the intrusion at KeyPoint occurred at a later time than the one at OPM.