A federal worker union claims that the massive Office of Personnel Management hack reported last week is even bigger and more damaging than the government cares to admit. The American Federation of Government Employees believes the hackers stole the social security number of every current federal employee and retiree, along with the SSNs of up to a million former workers.
Associated Press has also obtained a letter addressed to OPM and written by AFGE’s president, J. David Cox, where he listed the other types of info stolen from OPM’s database: military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; and age, gender and race data. Meanwhile, the Wall Street Journal reports the hackers were inside for more than a year before a sales demo by a tech firm discovered malware in the network.
In the same letter, Cox accused the agency of failing to take the proper precautionary measures to protect federal workers: it keeps up to 780 separate pieces of information on each person, after all. “We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” he wrote.
Take note, however, that Cox and his team don’t have access to the investigation and are only basing all these from OPM’s sketchy and limited responses to their questions. An OPM spokesperson has denied allegations that the breach is bigger than the agency reported, though, telling NBC News that the official number of affected people remains the same: 4.2 million overall, including 1 million retirees, 2.1 million active civilian federal employees and 1.1 million separated workers.
If you recall, some authorities, including Sen. Harry Reid and Sen. Susan Collins, revealed that the government believes China is behind this security breach. The stolen data could be used for anything, from identity theft to blackmail. So if you’re a government employee and you receive a warning email from Homeland Security, take advantage of the credit monitoring and identity theft protection services the agency promised to offer.