4 Million Federal Employees Are The Latest Victims Of A Massive Data Breach

There are millions of federal employees in the country, and not just in Washington, DC. The government is a big bureaucracy and a big employer — and that makes it a nice, juicy target for a big data breach.

The Office of Personnel Management — effectively, the HR/personnel department for the entire federal government — announced late yesterday that its systems had been hacked, and that as many as 4 million current and former federal employees’ personal data is at risk. Officials pointed the finger at Chinese hackers, the Washington Post reports.

The breach was first detected in April. Neither the FBI, which is investigating the breach, nor OPM have yet said specifically what data was taken, but in May the FBI concluded that personal records had indeed been breached.

OPM has said that the hackers no longer have access to the system, but that may not stop them from trying again. And in fact, this wasn’t the first time either. OPM was also the target of a data breach in 2014. In that instance, however, neither officials nor investigators confirmed what personal records had been accessed.

OPM did make upgrades to their systems and policies in the wake of the 2014 attack. Those changes were what allowed them to discover this intrusion, the agency’s chief information officer told the Washington Post. The hackers also attacked a different system, using a previously undiscovered vulnerability, than in the 2014 intrusion.

For a significant number of federal workers, this is the second time just this year their personal data has been stolen. The breach at health care provider Anthem, detected earlier this year, affected over 1.3 million federal employees as well. And that’s without even getting into other federal systems hacks, like the Russian-backed intrusion into State Department e-mail.

A spokesperson for China’s foreign ministry dismissed the accusations, saying, “It’s irresponsible and unscientific to make groundless accusations without deep investigation and research.”

OPM will be notifying victims of the breach that their records were accessed and providing credit report monitoring and identity theft protection services to those affected. They will be sending out notices from June 8 through 19.

Chinese breach data of 4 million federal workers [Washington Post]