Alert: OPM Hack May Be Worst Ever

The recent break of the Office of Personnel Managment has been all over the news, but we haven’t written about it because we like to focus on issues our clients are facing that they can actually do something about. But if you currently have or ever received a government security clearance, this issue affects you.  This is going to prove to be one of the most serious identity theft operations of all time.  The information acquired by the attackers was impressive in its scope.  If this applies to you, getting good identity theft protect is going to be an imperative, and you should plan to keep it active for way more than a year, possibly for your lifetime.

The government recently released this statement:  “The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.” 

In a related statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

Joel Brenner, a former top U.S. counterintelligence official said, “”This tells the Chinese the identities of almost everybody who has got a United States security clearance.  That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”

More information:

 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.