Home > Web > Investigation reveals U.S. government data breach…

Investigation reveals U.S. government data breach affected 21.5 million people

The investigation into the recent U.S. government data breach has revealed disconcerting new information. According to the interagency task force’s findings so far, 21.5 million people had their personal information compromised. The Office of Personnel Management updated its website today with the new information, sharing that it has “concluded with high confidence” that Social Security numbers were among the stolen records.

Related: LastPass suspects a breach, meaning it’s time for a password change

According to the OPM, it discovered in April 2015 that 4.2 million former employees’ personnel data had been hacked, and only while investigating the breach did the larger one come to light. Those affected haven’t been notified yet, but the government agency revealed that 19.7 million were individuals who had applied for background checks, while an additional 1.8 were not applicants at all. Of the non-applicants, a majority were either married to or cohabiting with an applicant.

User names and passwords created by applicants for their background investigation forms were also stolen in the cyberattack. Those who conducted interviews as part of their background investigations may also have had information about their mental health and financial history compromised. Even about 1.1 million people’s fingerprints were among the records.

Related: The FBI hasn’t stopped its quest to get access to encrypted data

As a silver lining, though, OPM shared that “there is no evidence that health, financial, payroll, and retirement records of federal personnel or those who have applied for a federal job were impacted by this incident (for example, annuity rolls, retirement records, USAjobs, Employee Express).” The agency assures the public that it’s working to create safeguards to prevent such incidents in the future.

Security breaches have unfortunately become an increasingly common reality. In recent years, hackers have managed to mine sensitive information from several high-profile companies, including Target, Google, and Premera.