The US Office of Personnel Management (OPM) recently released details about two cybersecurity incidents that impacted the data of Federal employees, contractors and others. In April 2015, it was discovered that the security incident led to the breach of the data of 4.2 million current and former employees. While investigating this incident, it was discovered that the breach was larger than originally thought.
The OPM now says that 21.5 million individuals were affected by this breach, with the exposed information including Social Security Numbers (SSNs), residency information, and detailed personal and financial information from background investigations. Those affected include individuals who applied for a background investigation, as well as some non-applicants. Other news organizations are stating that as many as 25 million individuals may be affected, which is about 7% of the US population.
This breach has many concerned given the detailed level of information involved, particularly if those affected are federal workers, military personnel or those with high security clearances. The source of the hack has been connected to China, causing many to be concerned over the future use of the stolen information.
The OPM has already faced many congressional hearings and is facing two lawsuits (so far) related to the breach. It has come to light that the OPM may have a history of overlooking issues with its IT infrastructure that may have contributed to the breach. While this breach is certainly one of the most concerning to date, it also offers valuable learning opportunities for both public and private organizations: