14 DAY TRIAL // A cyber intrusion on the systems of the US Office of Personnel Management (OPM) exposed personal information of approximately 4 million current and former federal employees.
The incident was discovered in April, after OPM implemented numerous security upgrades to its computer networks. The exact date of the breach has not been disclosed.
OPM handles a hefty pile of federal employee data
The agency did not release any official information regarding the origin of the attackers, but sources close to the investigation told various media outlets that China was believed to be involved.
The breach is considered to be the largest one to involve data of federal employees.
Among OPM’s attributions there is hiring and retaining government workers, and the breach may be affecting multiple federal agencies (those involved in intelligence, too), although there is no confirmation of this allegation at the moment.
Furthermore, the agency’s responsibilities include carrying out background checks on potential employees, and it is part of the process of granting security clearances across government.
The theory of a state-sponsored attack is valid, as a nation state could use the personal data of federal workers to gain access to sensitive details via blackmail, or more commonly, by impersonating them.
Employees to receive 18 months of free credit and identity protection
Following the discovery of the incident, OPM partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) and the FBI to learn the full impact on federal personnel. Extra security measures have been adopted for the protection of the information it manages.
All impacted individuals will be notified of the incident via postal mail (if an email address is not available), from June 8 through June 19.
Since there is a strong possibility that cybercriminals may try to take advantage of the situation, a warning has been issued that emails from OPM will come from “[email protected],” and they will contain details about protection through credit monitoring and identity protection services.
Such services are provided free of charge to all the people affected by the breach, for a period of 18 months.
“This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM,” the agency said in a notification on Thursday.