June 11, 2015 The hackers that infiltrated the Office of Personnel Management last year swiped the personal information of every federal employee working in government, a number potentially far greater than the 4 million previously reported, according to a labor union of government workers.
In a letter sent to OPM director Katherine Archuleta and obtained by National Journal, American Federation of Government Employees President J. David Cox wrote that the hackers stole social security numbers, birthdays, addresses, military records, job and pay histories and various insurance information, in addition to age, gender and race data.
"Based on the sketchy data OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of personnel data for every federal employee, every federal retiree, and up to one million former federal employees," Cox wrote in a letter dated Thursday.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," he added.
Cox said that the 18 months of credit monitoring and $1 million in liability insurance that OPM has offered affected employees is "entirely inadequate, either as compensation or protection from harm."
Last week federal officials announced that data of as many as 4 million former and current federal employees had been exposed. The breach occurred in December and was detected in April, officials said, and many have attributed the intrusion to China. The size of that hack was already considered one of the largest and most devastating on record. After the breach was announced, OPM signed a $20 million contract with a private cybersecurity company to provide identity-fraud protection services for affected employees.
Officials did not immediately respond to a request for comment.
Earlier on Thursday, the Senate rejected a push by Majority Leader Mitch McConnell to allow a cybersecurity measure to be added as an amendment to an ongoing debate over the National Defense Authorization Act. McConnell had tried to use news of the OPM hack to jam the bipartisan measure through, but Democrats—including some of the bill's supporters—argued that such important legislation was deserving of fuller debate.