Posted on 06/11/2015 7:02:35 PM PDT by 2ndDivisionVet
A hack announced last week affected all current and retired federal employees, and hackers got their hands on much more personal information than previously announced, the American Federation of Government Employees said Thursday.
A December breach of government systems containing personal information of millions of federal employees was worse than originally thought.
A union of federal workers said Thursday that the attack, announced last week, had stolen confidential information of every single federal employee, past or present -- far more than was previously revealed. The government disputes those claims.
It's the latest in a spree of damaging hacks against the government, including an attack in March 2014 that also involved federal employee records.
Hackers acting in the name of a political agenda, and those paid by other countries, have stepped up their efforts to breach U.S. government systems for a variety of reasons. In some cases, they've hoped to embarrass President Barack Obama's administration, and in others they've made statements about the US military. Successful attacks include a group that breached the CIA's public website, another that took control of the US military's Twitter feed, and a group that successfully intercepted the president's emails.
In this case, if the union is correct, the hack would be the first to affect every employee of any organization or company.
The union's allegations come a few months after Obama promised the federal government would work with companies to protect people from hacks and identity theft. Obama's administration has since blamed Chinese hackers for the breach of federal employee information.
"We believe that hackers are have every affected person's Social Security number, military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more," American Federation of Government Employees President J. David Cox wrote in a letter to the US Office of Personnel Management. Worse, he wrote the Social Security numbers of employees don't appear to have been protected with encryption algorithms, a standard security measure for sensitive information. Cox called the lack of adequate security controls "absolutely indefensible and outrageous."
Jackie Koszczuk, a spokeswoman for the Office of Personnel Management, said in the Associated Press report that every current and retired federal employee's records were compromised was not correct.
The letter was first obtained by the Associated Press.
The attack was first revealed last week, when the government said the personal information of 4 million federal workers had been breached. The union said it believes "the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees," Cox wrote.
The government has pledged to notify each affected employee of the hack and offer services to help counter any abuse of their information.
So, are they blaming El Presidente Obama?
If a Republican were President that would be all we would be hearing from the Government Employee Unions.
“This is about establishing a database for other reasons.”
What other reasons?
“Good...I hope every Fedgov employee is haveing a crap fit right now....how do you like your privacy invaded.”
This will have a chilling effect on potential new, smart employees.
Unfortunately, this will not stop (even more) idiots and crooks from applying.
YOu’d guess wrong. It was the OPM that got hacked. Everything housed in one nice, easy to reach, server bank.
Gov mandated “Electronic Health Records”...what could possibly go wrong?
http://www.cchfreedom.org/cchf.php/928#.VXpI_3pRGtU
I know a lot of federal employees. Many are good folks. There are a lot of conservatives in federal positions. Unfortunately, they're being overwhelmed by liberals. This hurts the good along with the bad.
Well does the Office of Personnel Management have files on ALL Government employees or just some of them?
No answer at this point. A question I have is what was actually hacked. If it's Office of Personnel Management, they not only have data on actual employees, but prospective employees as well. This could very well go beyond just federal employees.
So where’s Obama’s InfoSec Czar?
From what I understand, all, along with prospective hires. They deal with anyone hired by, and wanting to be hired by the fedgov according to their website.
What reason could there be for establishing a database that's threatening beyond the obvious financial reasons ... or for taking out SEALS? How is this different than normal identity theft - but on a much larger scale?
Here's a sentence from the OPM website: Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident.
In fedgov speak Personally Identifiable Information (PII) is anything that could be used to identify an employee besides their name. The name is the key, and by itself is not PII, but anything with the name is - birth date, maiden name, address, phone number, ssn, mother/father/family information, marital status, sex, race, ethnicity, etc...
Not sure if it would include military - I thought it was just civilian. From OPM “every federal agency”. I know they do DOD civilians. I’m also not sure about the Post Office - technically not an agency, but I know they are considered government employees.
“As the central human resources planners for the Federal Government, OPM is responsible for the successful management of human capital, not only within our own organization, but also across every Federal agency. We assist Federal agencies in hiring new employees, provide Federal investigative services for background checks, create training programs to develop tomorrow’s leaders — and much more.”
An address may not be PII. It depends... For example, if an agency sent you a letter, the name and address appearing together on the outside of the envelope would not be considered protected PII.
OPM's website mentions 4 million hacked. Federal civilian employee numbers are listed at 2,663,000 and military at 1,459,000 for 2014. Legislative and judicial branch at 63,000. That's a current sum of 4,185,000. Sources: http://www.opm.gov/policy-data-oversight/data-analysis-documentation/federal-employment-reports/historical-tables/total-government-employment-since-1962/
and
Office of Management and Budget's definition: Personally Identifiable Information (PII). The term “PII,” as defined in OMB Memorandum M-07-1616 refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available — in any medium and from any source — that, when combined with other available information, could be used to identify an individual.
You're right, it depends, but think about a person who has an ex trying to hunt them down for less than savory reasons gaining access to that data.
I can only guess that we have been lazy and complacent about cyber security. My access card has PII that is apparently unencrypted. Makes it just too easy.
Sources for information comes immediately to my mind.
I have to laugh....NSA is suppost to catch all this and didn’t so just why did we have them ‘catch terrorists calls’????
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.