OPM 4M-Record Data Theft Linked to Recent HIPAA Data Breaches

Yesterday, the Office of Personnel Management announced it suffered a data breach in which hackers were able to obtain the confidential records of some 4,000,000 employees. Worse still, the OPM handles security clearances, and the data stored on individuals is extensive, including personal information and highly sensitive information provided by friends and family.

Such detailed data can be used to commit fraud in the hands of criminals, but if the hack originated from government-backed individuals, the threat is more serious and may not be financial in nature. The major worry is that such highly detailed information could be used to blackmail and bribe government workers. The perpetrators potentially have 4 million individuals to choose from.

Furthermore, the records stolen do not appear to be limited to OPM workers: other government workers have also potentially been affected. According to the Associated Press, “A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said it could potentially affect every federal agency.”

In addition to highly sensitive data relating to security clearance, the OPM’s chief information officer, Donna Seymour, said the data stolen included information that was standard for personnel files, such as Social Security numbers, dates of birth, places of birth and benefit selections, but not financial information or health data.

Government-Backed Chinese Hackers Blamed

Highly sophisticated attacks on government organizations do not tend to be the work of bored, technically gifted U.S. teenagers; instead they tend to be perpetrated by teams of hackers operating at the highest level, often emanating from countries whose governments invest heavily in cyber capabilities, not with the aim of protecting data from attacks, but of obtaining it from the United States.

Parallels have already been drawn with the Sony Pictures hack last year, which exposed sensitive data on a scale rarely seen. That attack was attributed to North Korea, a country known for its government investment in cyber espionage and attacks on the West. The latest attack appears to emanate from China, and was discovered by the federal government’s intrusion detection system, EINSTEIN.

The system monitors internet traffic and raises the alarm should unauthorized individuals gain access. An investigation is underway, and questions will certainly be asked about how 4 million records were obtained before the alert was raised and access shut down.

Senate Intelligence Committee member, Susan Collins, spoke out about the attack and blamed the Chinese, and also said this is “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances”.

Conversations have taken place between Washington and Beijing, but as always, the Chinese claim that their country does not support cybercriminals and that China is not behind the attack.

What is not clear at this stage is why the attack took place, whether it was for the purposes of espionage for financial gain, political reasons or some as yet unknown motive. That may or may not become clear over the coming weeks.

The FBI and the Department of Homeland Security are conducting a detailed investigation of the data breach.

Links Drawn with the Cyberattacks on Anthem and Premera Health

Whenever a large-scale data breach is reported, it is natural for comparisons to be drawn with other serious cyberattacks. The link with Sony Pictures has been drawn, but that is not the only data breach to share some of the hallmarks of the OPM data breach.

In February, Anthem Inc. and Premera Health announced data breaches on a scale never before seen in the healthcare industry. Those two data breaches resulted in the theft of 78.8 million and 11 million records respectively.

John Hultquist, head of cyber-espionage threat intelligence at Dallas-based cybersecurity firm, iSight Partners Inc., told Bloomberg News that his company’s researchers have identified a link between the Anthem data breach, the Premera Health hack and the recent OPM cyberattack.

He said that the hackers used tactics that amounted to a “digital fingerprint” which allowed the company’s researchers to draw a link between all three attacks. Hultquist said he has “high confidence” that the perpetrators of the attack are the same group of hackers.

However, he could not shed any light on the motivation behind the attacks. “We’re still struggling to understand why this sort of data is being targeted,” he said.

iSight works closely with federal investigators from government departments, but it has not been confirmed whether the firm is involved in the investigation of the OPM attack.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.