The White House made a tactical decision to define a cyber attack on the Office of Personnel Management as two distinct breaches, which allowed the administration to publicly deny that many more millions of highly-sensitive employee documents were taken, The Wall Street Journal
The FBI has been investigating the hack, which multiple officials believe was carried out by the Chinese, and have long known that both personnel files and security clearance forms were stolen. The latter contain sensitive information about government employees and contractors -- information that foreign spy agencies could use to target U.S. intelligence operations, the Journal reports.
The White House house at first said some four million employees were affected but as of this week, that numbered has ballooned to as many as 18 million unique social security numbers, OPM Director Katherine Archuleta said on Wednesday during testimony at the Capitol, though she cautioned that the numbers were unverified and preliminary.
The administration decision to define the hack as two breaches has significant implications, according to the Journal:
"That had major implications for the initial description of damage. Rather than saying the hack implicated the private details of an estimated 18 million people—and potentially millions more if you count the relatives and close friends listed on the security clearance forms—the agency said about four million people were potentially affected."
Senators said they doubt the government’s personnel office understands the breadth of a computer hack that exposed the records of more than 4 million federal workers, or that the agency can stop another breach.
“OPM is having a difficult time completing its forensics work to determine exactly” how many people were affected, Sen. Susan Collins, a Maine Republican, said after the briefing. “I would wager that in the end it’s going to be significantly more than the 4.2 million.”
OPM has taken 23 steps, including installing more firewalls and mandating cybersecurity training, to shore up its networks since Archuleta became director, the agency said in a report released Wednesday. Going forward, OPM will hire a new cybersecurity adviser and consider encrypting more data to guard against hackers, the report said.
Federal officials familiar with the breach first announced June 4 have said that hackers connected to the Chinese government are believed to be responsible, but the Obama administration has declined to publicly blame any nation. The hack, in which intruders gained access to forms recording personal information about people who apply for security clearances, is one of the largest and most serious in the government’s history.
“If there’s a smoking gun, it appears to be held in the arms of our Chinese friends,” Senator Tom Carper, a Delaware Democrat, said after the briefing.
Among the employees whose records may have been accessed are U.S. senators, Collins said. She said she and at least three colleagues she declined to name had received letters from OPM warning that their personal data were compromised.
Collins said she followed the agency’s instructions and signed up online for identity theft and credit monitoring.
“It’s like, ’Boy, I hope they bothered to encrypt this one,’” she said. “I don’t know whether I’ve added to my problem or whether I’ve solved it.”
Senators exiting the meeting declined to assign blame to Archuleta or other federal officials for the hack. Stephanie O’Sullivan, principal deputy director of national intelligence, and Jeh Johnson, the secretary of the Department of Homeland Security, also briefed the senators.
Former Florida governor Jeb Bush, a Republican presidential candidate, said Tuesday on Twitter that he would have fired Archuleta. The breach wasn’t discovered for months after hackers first gained access to OPM data.
Senator Barbara Mikulski, a Maryland Democrat, said after the briefing she didn’t believe Archuleta should be asked to resign.
Senator Dianne Feinstein of California, the top Democrat on the Intelligence Committee, said earlier on Tuesday that the hack underscores the need for legislation to boost the government’s online defenses.
“My concern is to get cybersecurity legislation through,” Feinstein said, adding that she was “hopeful” the Senate could consider such a measure following next week’s July 4 break.
Information from Bloomberg was used in this report.
© 2021 Newsmax. All rights reserved.