The Office of Personnel Management Thursday has upped the total number of current and former federal employees, as well as spouses and partners and those who tried but failed to get a government job, affected by two separate data breaches at north of 25 million.
According to an update on the two cybersecurity breaches, OPM said that while investigating the theft of Social Security numbers, addresses and other info from 4.2 million people, it discovered last month that sensitive info from an additional 21.5 million people, who had supplied info for background checks, had their personal information stolen.
The good news is that apparently no health or financial records were impacted. The other good news is that, at least to date, OPM said there is nothing to suggest the stolen information has been misused.
OPM said those highly likely to have been affected include everyone who underwent a background check investigation dating from 2000, and perhaps even before, though that is less likely.
At about the same time OPM was releasing its new and newly troubling figures, bipartisan leaders of the House Energy & Commerce Committee requested info from the Federal Trade Commission and Consumer Financial Protection Bureau on consumer protections following data breaches.
“It may be possible to streamline the process to reduce fraud following a breach. Therefore, we are writing to learn more about consumer-friendly post-breach protections, including whether the process of activating and inactivating a credit freeze can be made more efficient and less costly,” they said.
They also want a briefing from each agency by July 20.
Signing on to the letter were Energy and Commerce Committee chairman Fred Upton (R-Mich.), ranking member Frank Pallone, (D-N.J.), Commerce, Manufacturing, and Trade Subcommittee chairman Michael C. Burgess, M.D. (R-Texas) and ranking member Jan Schakowsky (D-Ill.), and Oversight and Investigations Subcommittee chairman Tim Murphy (R-Pa.) and ranking member Diana DeGette (D-Colo.).
Sen. Ron Johnson (R-Wis.), chairman of the Senate Committee on Homeland Security and Governmental Affairs,was not pleased with the news. “The OPM has finally confirmed what the news media and the FBI have been saying about the data breach for the past month — this unprecedented hack was over six times what we were initially told," he said in a statement. "Today’s announcement shows not only that cybersecurity on federal agency networks has been grossly inadequate but that the management of the OPM is not up to the task of fixing the problem. The agency and the administration have not even been able to correctly define the scope of the problem. This will have grave consequences for national security.”
