Hackers had access to US security clearance data for a year

19.06.2015
Hackers who breached a database containing highly personal information on government employees with security clearances had access to the system for about a year before being discovered, The Washington Post reported on Friday.

The breach at the U.S. Office of Personnel Management dates back to June or July last year and was only discovered earlier this month.

The database in question contains applications for security clearances, which ask for information on all aspects of a person's life including social security numbers, passport numbers, names of former neighbors, and information on family members. It also asks about, over the past seven years, any contact with foreign nationals and problems with drug or alcohol abuse, debts or bankruptcy, imprisonment and run-ins with law enforcement.

The OPM hasn't said how much data it believes was stolen, but the longer intruders have to explore a network, the more data they can access. With the year they had, there are fears the theft could be substantial.

It is the second major breach uncovered and made public at the government department in recent weeks. The first, which came to light in early June, involved OPM's database on federal employees and is thought to have resulted in the theft of data on as many as 4 million workers.

While a perpetrator hasn't been named, U.S. officials, speaking under the cloak of anonymity, have said they suspect the Chinese government of playing a role.

The Chinese government has denied the accusations.

The OPM essentially serves as the government's human resources department and handles functions like hiring and retaining staff and running background checks. The office has information that could be used to identify people, including financial data and details about employees' families. The breach also raised concerns that information on intelligence workers was exposed.

Fred O'Connor writes about IT careers and health IT for The IDG News Service. Follow Fred on Twitter at @fredjoconnor. Fred's e-mail address is fred_o'connor@idg.com

Fred O'Connor