WASHINGTON – The Office of Personnel Management (OPM) and the White House on Thursday disclosed that the OPM data breaches revealed last month were far broader than the Obama administration has admitted: They involved an additional 21.5 million people, including federal employees’ spouses and children, and biometric data for 1.1 million employees.
In early June, the OPM revealed it had been the target of a breach affecting the personnel records of 4.2 million federal employees, only to reveal days later that a related breach affected an undisclosed number of far more sensitive files. Public reports later revealed that the FBI had suggested that number could be as high as 18 million people.
This data breach at the OPM affecting background investigations is only the most recently discovered of five data breaches at the agency over the past three years. It is significant both for its size — it is the largest data breach the federal government has ever announced — and for the data stolen, which was the most sensitive unclassified information the federal government holds on its employees. The loss of these records could endanger federal employees working in sensitive positions abroad as well as those employees’ families and friends. The loss may also make domestically stationed federal employees more susceptible to foreign influence.
Sen. Ron Johnson (R-Wis.), chairman of the Senate Committee on Homeland Security and Governmental Affairs, said, “The OPM has finally confirmed what the news media and the FBI have been saying about the data breach for the past month — this unprecedented hack was over five times what we were initially told. Today’s announcement shows not only that cybersecurity on federal agency networks has been grossly inadequate but that the management of the OPM is not up to the task of fixing the problem. The agency and the administration have not even been able to correctly define the scope of the problem. This will have grave consequences for national security.”