Cyber Breach Much Worse Than Reported

US Government OPM Cyber Breach Much Worse Than Reported

The much publicized breach at the US government Office of Personnel Management (OPM) in May this year was much more serious than initially reported, in terms of the number of people affected, the quality of information breached, as well as the probable cost to American taxpayers.

While the breach was widely publicized shortly after it occurred, were revealed in a recent quarterly report released by NTT Group security company Solutionary. Our report published last week outlines the most prevalent types of cyber attack, as well as the most commonly identified forms of malevolent activity worldwide that were contained in the 22-page report. It also drew attention to the fact that more Malware attacks occur in the US than in any other country in the world.

The OPM breach is covered in some detail in the second quarter Solutionary report. Ultimately, it states that this Government breach won’t just affect people at this point in time, but it will also affect others in future, and is likely to impact on the integrity of any background investigation processes relating to millions of people for the next 10 to 20 years.

OPM is going to have to increase its identity threat protection services, and according to the report, will cost US taxpayers in excess of $220 million. Furthermore, these services won’t cover every taxpayer.

Extent of the OPM Breach

 

When the OPM breach was first discovered, the number of people said to be affected was four million. This figure quickly rose to 22 million, though the Solutionary report states this is probably a very misleading figure. The issue is that the records accessed were not only those of government employees, but also included personal data about family members and even friends, and so the number of people affected is likely to be closer to 132 million, and even this could be conservative. However the authors of the report state it will probably never be known just how big the breach was, but it is likely to have been “the biggest loss of private information ever.”

And it’s not just about numbers, but rather the “quality” of data that was accessed. The breach involves 127-page forms that require a huge amount of information, from names, addresses over the last 10 years, schools attended, social security numbers, passport numbers, financial statements and health statements. In a nutshell the information covers what you would expect to find in a combination of bank, employment, medical and school records.

While OPM hasn’t confirmed whether FBI, NSA, and CIA forms were classified or protected sufficiently to have escaped the breach, there is a possibility that they weren’t; and if not, someone with “malevolent intent” could do a lot of damage. Unfortunately, the report states, there is not way to know whether individuals at these government agencies are compromised or not, and it could take 10 to 20 years to find out.

Cost of the OPM Breach

The “real costs” associated with the OPM breach relate primarily to credit protection services the government has offered 4.2 million victims via the identity theft protection company, CSID for 18 months. An additional 22 million people will probably receive similar service – with costs likely to amount to an additional $200 million. High risk, as well as critically and specially sensitive individuals will also have to be vetted again to ensure they are in fact trustworthy. While it is not known how many people will be affected, based on the OPM charge of $4,000 for a “single scope background investigation,” if only 20 percent of the 22 million need to do this, it will cost another $18 million.

These costs don’t include lost services or any costs that could be incurred if or when victims are compromised further at a later stage.

This may not only be the biggest loss of sensitive information ever, but it may very well ultimately rank near the most expensive,” the report states. Further, since OPM isn’t the US federal government’s largest agency, and since the breach was discovered by accident, if these same levels of control are in place at larger agencies, the potential for similar breaches is very real.

By Penny Swift

David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web. This is the prime reason why web accessibility is conceived ...
The Top 20 Cybersecurity Startups To Watch In 2021

The Top 20 Cybersecurity Startups To Watch In 2021

20 Cybersecurity Startups Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout ...
Martin Mendelsohn

How Will COVID-19 Impact Security Talent?

New Security Talent As we emerge from the era of COVID-19, unemployment will recede, and new jobs will be created more rapidly than jobs were lost between March and May of this year. We’re already ...
Yuri Sagalov

IT Culture Clash Where Employees Use Multiple Devices To Collaborate

Employees use multiple devices to collaborate It used to be that company IT decision makers could simply dictate the software that business units would use. However, in today’s business the IT culture clash where employees ...
Anita Raj

Post-COVID: What decisions are leaders taking about digital transformation in 2021?

Digital transformation in 2021 If organizations were once only talking about digital transformation (DX), in 2020, it was all about translating that talk into some real action. When the pandemic hit and businesses were disrupted, ...
Mark Rochester

Why Remote Migrations are Essential for Business Continuity

Remote Business Continuity We are approaching a banner year for the cloud. The COVID-19 pandemic has highlighted the importance of cloud technology to enable resilience and business continuity, and it will be a critical time ...