Cyber Breach Much Worse Than Reported

US Government OPM Cyber Breach Much Worse Than Reported

The much publicized breach at the US government Office of Personnel Management (OPM) in May this year was much more serious than initially reported, in terms of the number of people affected, the quality of information breached, as well as the probable cost to American taxpayers.

While the breach was widely publicized shortly after it occurred, were revealed in a recent quarterly report released by NTT Group security company Solutionary. Our report published last week outlines the most prevalent types of cyber attack, as well as the most commonly identified forms of malevolent activity worldwide that were contained in the 22-page report. It also drew attention to the fact that more Malware attacks occur in the US than in any other country in the world.

The OPM breach is covered in some detail in the second quarter Solutionary report. Ultimately, it states that this Government breach won’t just affect people at this point in time, but it will also affect others in future, and is likely to impact on the integrity of any background investigation processes relating to millions of people for the next 10 to 20 years.

OPM is going to have to increase its identity threat protection services, and according to the report, will cost US taxpayers in excess of $220 million. Furthermore, these services won’t cover every taxpayer.

Extent of the OPM Breach

 

When the OPM breach was first discovered, the number of people said to be affected was four million. This figure quickly rose to 22 million, though the Solutionary report states this is probably a very misleading figure. The issue is that the records accessed were not only those of government employees, but also included personal data about family members and even friends, and so the number of people affected is likely to be closer to 132 million, and even this could be conservative. However the authors of the report state it will probably never be known just how big the breach was, but it is likely to have been “the biggest loss of private information ever.”

And it’s not just about numbers, but rather the “quality” of data that was accessed. The breach involves 127-page forms that require a huge amount of information, from names, addresses over the last 10 years, schools attended, social security numbers, passport numbers, financial statements and health statements. In a nutshell the information covers what you would expect to find in a combination of bank, employment, medical and school records.

While OPM hasn’t confirmed whether FBI, NSA, and CIA forms were classified or protected sufficiently to have escaped the breach, there is a possibility that they weren’t; and if not, someone with “malevolent intent” could do a lot of damage. Unfortunately, the report states, there is not way to know whether individuals at these government agencies are compromised or not, and it could take 10 to 20 years to find out.

Cost of the OPM Breach

The “real costs” associated with the OPM breach relate primarily to credit protection services the government has offered 4.2 million victims via the identity theft protection company, CSID for 18 months. An additional 22 million people will probably receive similar service – with costs likely to amount to an additional $200 million. High risk, as well as critically and specially sensitive individuals will also have to be vetted again to ensure they are in fact trustworthy. While it is not known how many people will be affected, based on the OPM charge of $4,000 for a “single scope background investigation,” if only 20 percent of the 22 million need to do this, it will cost another $18 million.

These costs don’t include lost services or any costs that could be incurred if or when victims are compromised further at a later stage.

This may not only be the biggest loss of sensitive information ever, but it may very well ultimately rank near the most expensive,” the report states. Further, since OPM isn’t the US federal government’s largest agency, and since the breach was discovered by accident, if these same levels of control are in place at larger agencies, the potential for similar breaches is very real.

By Penny Swift

Data Fallout.png
Holiday Photos.png
Growing Up.png
Recovery Experts.png
Gary Bernstein
Secure Remote Authentication When employees are working remotely, they need to be able to access company resources and applications just as if they were in the office. This means that remote authentication needs to be ...
Ronald van Loon
Supply Chain Challenges Supply chain and manufacturing environments are evolving rapidly in the face of industry 4.0 advancements and the continuation of the COVID-19 pandemic. Organizations across industries are trying to navigate this challenging landscape ...
Frank Suglia
Managing Data Sprawl Over the last two years, our world experienced a dramatic acceleration of digital transformation. The COVID-19 pandemic upended normal operations for many businesses and shifted the pace of technology adoption into warp ...
Gary Bernstein
Cloud Benefits in the HR Industry Cloud computing is the delivery of services like software and databases using the internet. These services are available at affordable rates and help businesses lower operating costs. Cloud computing ...
Bi Tools
BI Tools For Data Scientists Many data scientists prefer to use open-source framework to code scripts; after all, it’s something they already trust to work. Business intelligence tools like Qlik Sense, Power BI, or Tableau, ...