The U.S. agency announced today that more than 22 million people inside and outside the government were likely to have had their personal information stolen by the suspected Chinese hackers. The major breach acknowledged a month ago by the Office of Personnel Management were more than five times larger. This amounts to 4.2 million current and former personnel records had been compromised.
The OPM (Office of Personnel Management) stated that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen, and 1.8 million relatives and other associates also had information taken. And the 3.6 million of the current and former government employees - a 22.1 million in total.
A statement of from OPM today says,"If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach."
The press release of the OPM detailed that their assistance will be provided to those affected, including credit and fraud monitoring, identity theft insurance and full service identity restoration support and victim recovery assistance. The OPM spokesman stated that the services are still contracting out by the agency, and they can't estimate how much it would cost to taxpayers.
The federal employees' Unions criticized the OPM regarding the amount of information and assistance they provide. The federal government is being sued by two unions on behalf of their members.
And the US government was accused by the American Federation of Government Employees that the number of people affected and the extent of the compromised records is less important.
Chris Wysopal, a security expert at Veracode, a company that checks source code used in 90 percent of software applications for known flaws, stated, "There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM's systems," Wysopal also said: "While we haven't seen the personal information being used yet, this is to be expected. It's rare that information that can be used for blackmail or as precursor information for phishing attacks would be seen being used.