Federal Employee Data Hack Discovered Through Product Demo, Says Report; Union Discloses Info Breached By Chinese Hackers
A report on the recent federal employee data hack by the Chinese disclosed that its discovery was made during a product demo supposedly showcasing how a cybersecurity software works.
On the first week of June, the United States government made an announcement that federal employee data from the Office of Personnel Management or OPM have been hacked by Chinese hackers, although the government refused to categorize the hackers more specifically as state-sponsored.
The Wall Street Journal published an update on the story that CyTech Services demonstrated its CyFIR, a forensics software package, by running a diagnostics scanning of OPM’s network. The malware was then found buried in the network.
The federal intrusion via malware might have commenced last year, according to federal investigators. Though U.S. intelligence agencies already took part on the investigation, the government has not made any announcement on what particular data have been breached.
But J. David Cox, union president of the American Federation of Government Employees, said in a letter sent to Katherine Archuleta, OPM director, that the targeted database of the hack was the Central Personnel Data File and for that matter, “the hackers are now in possession of all personnel data for every federal employee, federal retiree” and former employees of the federal government numbering to a million.
Cox continued on his letter: “We believe that hackers have every affected person’s Social Security number[s], military records and veteran’s status information.”
Also included in the breach were personal data such as date of birth, job and pay history as well as life and health insurances and pension information. Cox also lamented on the truth that their “Social Security numbers were not encrypted,” which for the union president was an “absolutely indefensible and outrageous” cybersecurity failure.
The letter also mentioned that the OPM’s offer of $1 million liability insurance and 18 months of credit monitoring were not sufficient either for protection from any harm or for compensation because according to Cox, what the OPM owes to its employees are free lifetime credit monitoring and liability insurance, covering the whole of any loss anchored from the breach.
Rubbing Salt To The Wound
Cox also lambasted OPM’s outsourcing CSID, a contractor tasked to answer questions from the affected employees, labeling the act as adding insult to injury and posited that the terms of the contract obviously did not include an access to “a living, breathing human being knowledgeable enough to answer the questions.”
On behalf of the MFGE federal employee union, Cox implored the OPM to reconsider its decision as federal employees victimized by the encroachment deserve a website that is not difficult to maneuver or call center contractors who are knowledgeable beyond the usual Frequently Asked Questions.