A second data breach at the US Office of Personnel Management has compromised even more sensitive information about government employees than the first breach that was revealed earlier this week, sources claim. It's possible at least 14 million Americans have chapter and verse on their lives leaked, we're told.
The Associated Press reports that hackers with close ties to China are believed to have obtained extensive background information on intelligence-linked government staffers – from CIA agents and NSA spies to military special ops – who have applied for security clearances.
Among the records believed to have leaked from a compromised database are copies of Standard Form 86 [PDF], a questionnaire that is given to anyone who applies for a national security position, and is typically verified via interviews and background checks.
"This form is a permanent document that may be used as the basis for future investigations, eligibility determinations for access to classified information, or to hold a sensitive position, suitability or fitness for Federal employment, fitness for contract employment, or eligibility for physical and logical access to federally controlled facilities or information systems," the form's instructions state.
Naturally, it's a safe assumption that any current federal employee who has such a form on file may have a job that meets that description. In other words, they might be of particular interest to foreign governments, such as China.
The fear is that information obtained from Form 86 – a 127-page tome that could accurately be described as a book about the applicant's life – could be used by a foreign power to coerce US employees into disclosing sensitive information.
Among the information applicants are expected to disclose on the questionnaire are citizenship and passport information, places of residence, schools and military service, employment history, financial records, history of alcohol and drug use, police and criminal records, psychological and emotional health, the names of any groups with which the applicant has been associated, and – crucially – information about foreign travel and contact information for any foreign associates, including relatives.
The AP's sources would not disclose the extent of the breach because details are classified. But some experts believe the earlier breach may have encompassed data for every federal employee, including those associated with national intelligence and the military.
On Friday, two sources familiar with the matter told the AP that the total records stolen may number in excess of 14 million, well above the 4 million figure released earlier by the Obama administration.
The Office of Personnel Management has yet to give a statement on the latest security breach. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Hong Kong
- Identity Theft
- Palo Alto Networks