The Office of Personnel Management is the government’s Human Resources department and it was recently disclosed that their database has been hacked by an outside party. The government had said the breach exposed personal information of approximately four million people including Social Security numbers, birthdates and addresses of current or former federal workers – but a new report shows that the hackers (who are believed to be from China) may have also accessed SF-86 forms which are documents used by government officials to conduct background checks for worker security clearances.
SF-86 forms disclose a lot of additional information including things like friends, spouses and other family members as well as each applicant’s past interactions with foreign nationals, and in the case of high security clearance individuals that information might be a serious cause for concern outing foreign operatives and making them vulnerable in their own country.
There are also questions about the actual number of people affected by the breach with Bloomberg now reporting that the original figure of four million may actually be a lot closer to 14 million individuals including current and former federal employees along with many contractors dating all the way back to the 1980s.
A story like this has a strong chilling effect, and it should. Even with the full power of the federal government behind it, the OPM Security system was breached and sensitive data was extracted. While NationalNet follows all of the industry best practices and maintains the most current security protocols possible, we also acknowledge that the world currently exists in an environment that makes virtually any bit of data accessible to entities that are clever and persistent enough to access it. Data security in 2015 is as much about strategy as it is about technology. Keeping sensitive files offline unless online versions are necessary, moving data, partitioning it and continually taking steps to change the way things are stored or where they are stored is an essential component of a strong defense. Leaving it all in one place, neatly assembled together and using the same security measures without evolving them over time is begging to be breached – whether you are the federal government or any private commercial business.