US says hackers stole Social Security numbers from 21.5 million people in recent data breach

[Mockingbird]

WASHINGTON

[Argi]

We should probably ditch SSNs as an identifier, hey.

[+Red King Subscriber²]

we should impose jail sentences for lack of data security ffs

[blank]

The U.S. Office of Personnel Management announced on Thursday that sensitive information including Social Security numbers for 21.5 million people was among the data lost in a breach of its background investigation database.

An investigation into this and a separate breach -- that one involving information on 4.2 million people -- concluded that the two were "separate but related," OPM said.

 

The new numbers expanding the scope of the attacks come one day after FBI Director James Comey called the hack an "enormous breach" to the U.S. Senate Intelligence Committee, saying "millions and millions" of government records were stolen, including his own.

 

The investigation into the hacks concluded that the second breach, which targeted background investigation records kept by OPM, included Social Security numbers, information on family members and other contacts, as well as health and criminal records.

 

It includes 19.7 million people who applied for background check investigations with the federal government, and another 1.8 million people including spouses who did not apply for a background check but whose information was included in the forms. Anyone who applied for a background check from 2000 on might have had their information compromised in the breach, OPM said on Thursday.

 

Among the forms used in federal background checks is the Standard Form 86, an 127-page document that delves into intimate questions about prior brushes with the law, drug use, psychiatric health, and info on friends and family members. It requires the applicant to put his or her Social Security number on nearly every page of the document.

 

The breaches have been the subject of numerous hearings on Capitol Hill since they first came to light, with OPM Director Katherine Archuleta facing tough questions from lawmakers who have called for her dismissal.

 

"Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cybersecurity policies and practices," House Oversight Committee Chairman Jason Chaffetz (R-UT) said in a statement. "Director Archuleta and Ms. Seymour consciously ignored the warnings and failed to correct these weaknesses. Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries."

 

In the aftermath of the breaches, OPM suspended the use of its Electronic Questionnaires for Investigations Processing system (e-QIP), taking it offline for a month or more to make security upgrades. Anyone undergoing a background check for secret clearances in the meantime will have to do so using an older, less hackable technology: paper forms.

 

http://www.nbcnews.com/tech/security/opm-hack-security-breach-n389476

[Obi-Wan Kenobi]

pssh, they can have mine! Maybe they'll pay off my student loan debt, lol! (who am I kidding, wishful thinking I suppose)

[Cnónna]

you would think government agency's would use some kind of 2 factor authentication app or device. like a Yubikey. on all computers. files and documents, I know nothings 100% but if it makes it harder why not.

[perochan]

nothing to steal from me. heck, get rid of my loan.