OPM Hackers Could Be Building Personal Databases

Jun 6, 2015
Originally published on June 6, 2015 12:44 pm
Copyright 2015 NPR. To see more, visit http://www.npr.org/.

Transcript

SCOTT SIMON, HOST:

The U.S. government revealed this week there's been a massive cyber attack on the agency that stores the records of federal employees - the Office of Personnel Management. The personal data on 4 million people may have been stolen. The source of the attack is unknown. OPM says it will begin to notify people who may have had data taken from them on Monday, as NPR's Aarti Shahani reports.

AARTI SHAHANI, BYLINE: OPM can't know for sure what data the hackers copied and pasted, but the agency says it'll be as specific as possible when informing people. And OPM will offer victims 18 months of credit monitoring, as well as up to $1 million in cyber insurance coverage. Critics say that's not meaningful protection.

JOHN PRISCO: That seems to be the standard present that's given to people when they have their lives disrupted by this sort of thing.

SHAHANI: John Prisco is CEO of Triumphant, a company that tries to identify cyber attacks early on.

PRISCO: One thing you have to keep in mind is that these adversaries are very patient; they're very good. And they'll use this information two, three, five years from now.

SHAHANI: It's not clear yet who stole the data and why. One camp says the hackers are state-sponsored from China and are planning a long-term campaign of cyber espionage to steal intellectual property. Prisco says even if that's true, a subset of hackers could also decide to open up bank accounts down the line. Social Security numbers and dates of birth don't change.

PRISCO: Now that it's in the hands of criminals, they have no obligation to keep the information confidential. And the information can be used for espionage, but it also can be used to take out credit.

SHAHANI: Security experts say they have not seen stolen personal records from OPM or from prior breaches like Anthem or Premera show up for sale on black market sites. It's possible that hackers are building databases on individuals who are deemed particularly valuable for their financial worth or their access to U.S. state secrets. Aarti Shahani, NPR News, San Francisco. Transcript provided by NPR, Copyright NPR.