Massive data breaches at the U.S. government’s Office of Personnel Management (OPM) earlier this year were apparently a lot worse than officials previously estimated.
In a statement released Thursday, the OPM said hackers stole Social Security numbers and other sensitive personal information from 21.5 million Americans who have undergone background checks for security clearances. The group says this incident is ‘separate but related’ to a previous hack announced in June, in which personnel data was stolen from 4.2 million current and former federal employees. And according to the OPM, 3.6 million people were actually affected by both breaches — believed to be carried out by Chinese hackers — and the total number of individuals potentially at risk is now 22.1 million.
Read more: Clark’s guide to credit freeze, one of the most effective tools against ID theft
According to the OPM, the information stolen in this second incident was from personal background investigation records of current, former and prospective federal employees and contractors. And that personal data is about as sensitive as it gets. The agency says the types of information in these records include:
‘Social Security numbers; residency and educational history; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.’
Who could be affected?
The potential reach of these data breaches is massive, because not only does it include current, former and prospective employees and contractors, but it also includes family members and others with close ties to applicants. The OPM says for anyone who underwent a background check through the agency since 2000, it is ‘highly likely’ that the individual is impacted by the recent hacks. On top of that, people who didn’t apply for a background check — mostly spouses or co-habitants of applicants — could also be affected.
Read more: Don’t give your Social Security number at these places!​
While the OPM says it has no evidence showing ‘any misuse or further dissemination of the information that was stolen’ from its systems, it, along with the Department of Defense, will provide credit and identity theft monitoring services for anyone possibly affected by these incidents.
Read more: Protect your rights and identity
