Skip to main content

OPM: Data Breach Affected 25 Million

WASHINGTON — The U.S. Office of Personnel Management on Thursday (July 9) increased the total number of current and former federal employees — as well as spouses, partners and those who tried but failed to get a government job — affected by two separate data breaches to more than 25 million.

According to an update on the two cybersecurity breaches, the OPM said that while investigating the theft of Social Security numbers, addresses and other information on 4.2 million people, it discovered last month that sensitive information from an additional 21.5 million people, who had supplied data for background checks, had had their personal information stolen.

The good news is that apparently no health or financial records were affected. The other good news is that, at least to date, the OPM said there is nothing to suggest the stolen information has been misused.

Those highly likely to have been affected include everyone who underwent a background check investigation dating from 2000, and perhaps even before, though that is less likely, the OPM said.

At about the same time the OPM was releasing its new and newly troubling figures, bipartisan leaders of the House Energy & Commerce Committee requested info from the Federal Trade Commission and Consumer Financial Protection Bureau on consumer protections following data breaches.

“It may be possible to streamline the process to reduce fraud following a breach. Therefore, we are writing to learn more about consumer-friendly post-breach protections, including whether the process of activating and inactivating a credit freeze can be made more efficient and less costly,” the lawmakers said.

They also want a briefing from each agency by July 20.

Signing on to the letter were the Energy and Commerce Committee chairman Rep. Fred Upton (R-Mich.) and ranking member Rep. Frank Pallone, (D-N.J.); Commerce, Manufacturing, and Trade Subcommittee chairman Michael C. Burgess (R-Tex.) and ranking member Jan Schakowsky (D-Ill.); and Oversight and Investigations Subcommittee chairman Tim Murphy (R-Pa.) and ranking member Diana DeGette (D-Colo.).

Sen. Ron Johnson (R-Wis.), chairman of the Senate Committee on Homeland Security and Governmental Affairs,was not pleased with the news. “The OPM has finally confirmed what the news media and the FBI have been saying about the data breach for the past month — this unprecedented hack was over six times what we were initially told," he said in a statement. "Today’s announcement shows not only that cybersecurity on federal agency networks has been grossly inadequate but that the management of the OPM is not up to the task of fixing the problem. The agency and the administration have not even been able to correctly define the scope of the problem. This will have grave consequences for national security.”