Last week, the U.S. government revealed that a second hacker attack on the Office of Personnel Management has created a federal security clearance breach that could jeopardize the security clearance of federal agents.
The security clearance breach was discovered while officials were investigating the hack of the Office of Personnel Management breach. It was originally reported that the OPM breach, which was announced on June 8th, compromised the records of approximately 4 million current and past federal employees. New reports indicate that the estimated records that were compromised are in the 9 to 14 million range, significantly higher than originally thought.
A senior administration official told CNN,
“During the investigation into the cyber-intrusion of OPM that compromised personnel records of current and former federal employees announced last week, investigators became aware of an additional intrusion affecting different OPM systems and data.”
In this second breach, hackers stole highly sensitive forms or applications that were used in determining government security clearance for federal employees, including federal agents. Because of the information stolen, some officials are saying that the security clearance breach poses a threat to national security and is a very big breach.
U.S. officials are saying that they suspect espionage by the Chinese government as the perpetrators of both the employee records breach and the federal security clearance breach; Chinese officials are denying any government involvement.
According to AP News,
Former Rep. Mike Rogers, one-time chairman of the House Intelligence Committee, said last week that he believes China will use the recently stolen information for “the mother of all spear-phishing attacks.”
Spear-phishing is a term given to a technique hackers use designed to infect spyware onto networks. Fraudulent emails are designed to look legitimate and are sent to users in the hopes they will open them. Once the emails are opened their networks are infected with spyware.
Data security at all levels continues to make headline news – but a data breach is not something you want associated with your organization. Contact us if you are looking for a way to protect your organization from data breaches on unwanted, unused, and outdated data containing devices. We can also assist you if you need to talk to an IT professional regarding data security for all your in-service data containing devices. Either way, we are here to help.