The Office of Personnel Management (OPM) informed AFGE Thursday evening that the personal information of all 2.1 million current federal employees and an additional 2 million federal retirees and former federal employees may have been compromised during a Chinese cyberattack.
The attack targeted personnel records of federal employees and retirees maintained on computers by OPM. These personnel records contain Social Security numbers, military records, veterans status, pay, position, educational records, name, address, date of birth, marital status, information on dependents, health insurance, life insurance.
OPM says it discovered the breach in April but that the breach apparently occurred late last year.
The agency says everyone whose data was compromised will receive notifications by either email or postal mail beginning June 8. Those affected by the breach will be able to get more information on a special website,www.csid.com/opm, or by calling toll-free 844-777-2743. International callers should call 512-327-0705.
“AFGE is working closely with the Administration to determine the extent of the breach and explore ways to remediate it,” said AFGE President J. David Cox Sr. “We will work with the Administration to ensure that all available measures be taken to secure the personal information of all affected employees, and that these measures be implemented as soon as possible. AFGE will demand accountability and will take every necessary step to see that the interests and security of the nearly 700,000 people we represent are addressed.”
AFGE is sharing with our members details on how to ensure that their personnel information is safe and will be working with OPM and the administration to safeguard employees’ data going forward.
According to OPM, the cyberattack took place before the adoption of the tougher security controls. OPM is working with the Department of Homeland Security and the FBI to determine the full impact to federal employees.
This is the second time in less than a year that OPM’s records were breached. In March 2014, Chinese hackers gained access to personnel files maintained by OPM on tens of thousands of federal employees who have applied for top-secret security clearances.
In addition, two OPM contractors who conduct background investigations on behalf of the federal government – U.S. Investigations Service and Key Point Government Solutions – had had their systems hacked last year, potentially exposing personal information of about 75,000 federal employees. OPM stopped doing business with USIS over an unrelated issue but KeyPoint remains the lead contractor conducting background investigations.
OPM is not the only agency hit by cyberattacks. Last fall the White House’s and the State Department’s networks were breached by Russian hackers. The Pentagon’s Twitter and YouTube accounts were hacked earlier this year. In 2011, the Pentagon’s 24,000 sensitive files were stolen during a major cyberattack.