Skip to content

Hackers Have Stolen Background Data on All Security Clearances

2015-06-16

The White House announced a further increase in the number of hacked personnel records discovered in the last few months: up to 14 million records have been exposed of people who applied for security clearances for civilian jobs with the government.  These records include the background information that is requested from those who want security clearances: arrests, drug use, health information, birth dates, Social Security numbers, employment histories and pay data, military records, veteran status, addresses, health and life insurance, ages, genders, and race data, and so on.  There are currently 2.5 million civilian government employees, so most of the data includes former employees and applicants.  The Office of Personnel Management keeps these records, and based on briefings that employee unions have received, they say that information for all current federal employees, all retirees, and a million former employees has been exposed.

The White House has stated that the Chinese are responsible for this data breach, although the Chinese government has denied it.  Whoever has the data, they are in possession of material that could be used for blackmail, for impersonation of individuals, or many other nefarious purposes.

The Associated Press story that revealed this information states that, since the defection of Edward Snowden and his revelations about American surveillance activities, it has become more difficult to recruit new government employees, especially in the security services.  This new data breach will surely make it even less attractive to apply for a security-classified job with the US government.

The amount and sensitivity of the information that has been breached makes the security of government computer systems look poor indeed.  There is no surprise that this embarrassing revelation has been quietly announced, in parts, over a period of weeks.  Government officials do not wish to make a lot of fuss over the news and have minimized the size of the breach, only gradually admitting to its full extent with a series of partial announcements.

Now that the breach has been, apparently, fully announced, we are left with a dilemma: what, if anything, can be done about it?  It appears that we have been left fully exposed to a potentially deadly weakness.  From now on, security personnel must look carefully for potential uses of this information in operations that damage the country’s security in new and dangerous ways.  Any improvements in information security now will be necessarily after the fact and really not very helpful, so to speak, after the horse has left the barn.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: