The government will only recover from the OPM hack when all of the affected employees retire, former intelligence officials told FedScoop.
Records detailing the lives of millions of federal employees were stolen last month in a data breach of the Office of Personnel Management. OPM conducts background checks on federal employees to vet them for security clearance and therefore holds a vast amount of sensitive data.
Former CIA director Michael Hayden told the outlet that the information accessed during the breach “remains a treasure trove of information that is available to the Chinese until the people represented by the information age off. There’s no fixing it.”
That process could take 40 years, another former CIA official explained. The youngest of the government’s current employees would have to reach retirement in order for the stolen information to become irrelevant. “You have provided the Chinese with the pool of contractors and employees who have access to classified information,” the former official told FedScoop. “This represents a target pool of possible recruitments with a list of their vulnerabilities.”
U.S. officials fear that the hackers — presumed to be working for the Chinese government — will use the information to recruit spies who currently hold security clearances. OPM uses a questionnaire known as Standard Form 86, which includes mental health history, drug use, and lists of family members, to investigate the backgrounds of federal employees, and this personal information was taken during the breach.
As these employees age out of federal agencies, the information will pose less of a national security threat. But even as they retire, federal employees will still face the repercussions of having their data compromised. Employees are in danger of identity theft, and that threat will not vanish when they retire. “I am far from convinced that steps taken so far by OPM to mitigate the impact to civilian employees and their families are sufficient, nor am I confident the steps taken to protect information, employees, and their families in the future are adequate,” House Armed Services Committee Chairman Mac Thornberry told FedScoop.
The government has committed to providing identity theft protection for employees, although the exact cost of this service is not yet clear.
- Companies are sorry about security flaws. Just not sorry enough to change
- Equifax could make money from its own breach; 2.4 million more are exposed
- Intel warned Chinese tech firms of security flaws before telling U.S. government
- Japan to crack down on cryptocurrency exchanges after high-profile hacks
- What does Grindr’s acquisition by a Chinese company mean for users?