Hackers have personnel data on every federal employee
WASHINGTON (AP) — Hackers stole personnel data and Social Security numbers for each and every federal employee, a government worker union stated Thursday, saying that the cyber theft of U.S. employee data was more damaging than the Obama administration has acknowledged.
Sen. Harry Reid, the Democratic leader, said on the Senate floor that the December hack into Office of Personnel Management data was carried out by “the Chinese” without specifying whether he meant the Chinese government or individuals. Reid is one of eight lawmakers briefed on the most secret intelligence information. U.S. officials have declined to publicly blame China, which has denied involvement.
J. David Cox, president of the American Federal of Government Employees, mentioned in a letter to OPM director Katherine Archuleta that based on OPM’s internal briefings, “We believe that the Central Personnel Data File was the targeted database, and that the hackers are actually in possession of all personnel data for each federal worker, every federal retiree, and as much as a million former federal employees.”
The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.
The union believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; and age, gender and race data, he said. The letter was obtained by The Associated Press.
The union said it is basing its assessment on internal OPM briefings. The agency has sought to downplay the damage, saying what was taken “could include” personnel file information such as Social Security numbers and birth dates.
“We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter. The union called the breach “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”
Samuel Schumach, an OPM spokesman, said that “for security reasons, we will not discuss specifics of the information that might have been compromised.”
The central personnel data file contains up to 780 separate pieces of information about an employee.
Cox complained within the letter that “very little substantive information has been shared with us, despite the fact that we represent greater than 670,000 federal staff in departments and agencies throughout the executive branch.”
The union’s release and Reid’s comment in the Senate put into sharper focus what is looking like a massive cyber espionage success by China. Sen. Susan Collins, an intelligence committee member, has also said the hack came from China.
U.S. intelligence officials say China, like the U.S., spies for national security advantage. Unlike the U.S., they say, China also engages in large-scale theft of corporate secrets for the benefit of state-sponsored enterprises that compete with Western companies. Nearly every major U.S. company has been hacked from China, they say.
The Office of Personnel Management is also a repository for extremely sensitive data assembled by means of background investigations of staff and contractors who hold security clearances. OPM’s Schumach has stated that there’s “no proof” that information was taken. But there’s rising skepticism amongst intelligence agency staff and contractors about that claim.
In the Senate on Thursday, Democrats blocked a Republican effort to add the cybersecurity bill to a sweeping defense measure. The vote was 56-40, four votes short of the number necessary.
Democrats had warned of the dangers of cyber spying after the theft of government personnel files, but Democrats voted against moving ahead on the legislation, frustrated with the GOP-led effort to tie the two bills together. President Barack Obama has threatened to veto the defense legislation over budget changes by the GOP.
“The issue of cyber security is simply too important to be used as a political chit and tucked away in separate legislation.” Sen. Chris Coons, D-Del. mentioned.
Associated Press writers Donna Cassata and Eric Tucker contributed to this report.