Second Hack Attack Gained Access to Government Security Clearance Information

Are the feds still going to lecture us on how they should set the standard for cybersecurity?


Stian Eikeland / Foter

Still in the process of cleaning up—or maybe just spinning—in the wake of last week's revelation that hackers based in China gained access to millions of Office of Personnel Management records on current and former federal government employees, officials now face reports of a second and even more serious cybersecurity breach. The Associated Press reports that Chinese hackers "appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances." And not just a few inconvenient bits of information. They appear to have nabbed lots of data.

According to the AP report:

The forms authorities believed to have been accessed, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required.

The officials spoke on condition of anonymity because the security clearance material is classified.

The security-clearance records provide "a very complete overview of a person," said Evan Lesser, managing director of ClearanceJobs.com, a website that matches security-clearance holders to available slots. "You don't need these records to blackmail or exploit someone, but it would sure make the job easier."

The report cites officials saying that "[n]early all of the millions of security clearance holders, including CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach."

Once again, the cornucopia of handy information seems to have found its source in the Office of Personnel Management, which does not yet have a notice up about the latest fumble.

Even before the latest revelation, government officials were debating whether hackers gained access to records on as many as 14 million Americans, or "only" the four million originally reported. The newly revealed fiasco should make the conversation that much more interesting.

The federal government has been actively battling against privacy advocates, the tech industry, and the general public in an effort to restrict the privacy tools that people can use to protect their personal information. D.C. officials would seem to be losing credibility in that debate.

The OPM is offering credit monitoring services to federal employees (that's all of them) affected by the first breach. We'll wait to see if they offer blackmail monitoring this time around.