U.S. Sharply Escalates Number of Files Exposed in OPM Hack

 

U.S. Sharply Escalates Number of Files Exposed in OPM Hack

 

Officials say 19.7 million background clearance files, 1.1 million fingerprint files were stolen

By DAMIAN PALETTA And  DANNY YADRON
Wall Street Journal

Updated July 9, 2015

 

WASHINGTON—Hackers who broke into the U.S. Office of Personnel Management’s computer network stole 19.7 million background investigation forms and 1.1 million fingerprint records, the agency disclosed Thursday, a sharp escalation in the government’s assessment of the damage caused by the hack.

The agency said hackers likely stole every single background investigation form completed since 2000 and some completed prior to that time.

In addition to the background clearance forms, hackers had access to an additional 1.8 million Social Security numbers, largely because personal information of spouses and children must be listed on security-clearance applications. The most common of these forms is the Standard Form 86 that many federal employees and contractors must complete before they can be hired for sensitive government jobs. Those forms are held often in an unencrypted fashion on OPM’s computer networks.

The theft of these forms represents a major national-security and intelligence failure, given that they contain records of past drug use, mental health and contacts with people overseas and other sensitive information that could prove useful to a foreign intelligence agency.

If a foreign intelligence service stole records of 20 million U.S. officials, it could use the information for blackmail, counterintelligence or to determine the foreign contacts of U.S. officials.

“Just imagine if you were a foreign intelligence service and you had that data, how it might be useful,” FBI Director James Comey told reporters on Thursday.

He wouldn’t say how U.S. officials are responding to the theft, but he said “obviously this is the subject of a lot of conversation and work in the U.S. government.”

Multiple U.S. officials have said they believe Chinese hackers were behind the breach, though Chinese officials have denied involvement. White House and OPM officials did not return requests for comment on Thursday.

OPM Director Katherine Archuleta had previously acknowledged that as many as 18 million background clearance forms were stored at OPM, but said several weeks ago it was unclear how many had been accessed.

The news raises the stakes for the hack and its impact. Previously, OPM officials had said 4.2 million personnel files had been potentially compromised. These largely contain less sensitive information, such as performance reviews, although they also include social security numbers. Hackers broke into OPM’s network sometime in 2014 though the breach wasn’t discovered until April of this year.

OPM said Thursday that “there is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.”