US says hackers stole Social Security numbers from 21.5 million people in OPM data breach


#1

[Read the post]


#2

how can there be more than 4 times more people applying for security clearances than there are total federal employees? According to the BLS there are only 122 million full time workers so this database represents nearly 20 percent of the total US workforce.


#3

Does it include ex-employees too?


#4

There are a lot of people with ‘clearance’ that never see secure things but it is required for the job.
I would get pestered once a year to get one and I am too old to want to have to worry about what I can/can’t say about work. Anyway all it would have done was granted me access to pull drives from a server whenever there was a data spill. Then take said drives to be wiped, run through a special magnet, and put in a special shred bin. I would never see actual data but a security clearance is required to handle the drives.


#5

And as clearances, e-verify, and other blacklisting systems are required for more jobs, with some attempts to require them for all jobs… what then?


#6

Contractors.


#7

but nearly 20% of the US work force has applied for a security clearance? How that not be problematic on its face? And even assuming that half have failed. The contractor workforce is twice the size of the government work force in total?

That just seems ridiculous.


#8

about 21.5 million people who have undergone background checks for security clearances since 2000.

OPM lists 4+ mil feds every year since 2000.

(4 mil fed employees) * (15 years) = 60 mil. 

Granted, many of those employees are constant year-over-year. But when you add in

[ (applicants per open position) + (family members) + (contractors) ] * 15 years

then I’m not sure how to arrive at your conclusion.


#9

The data submitted on a clearance application contains not only the applicant’s information but also their spouse, relatives, neighbors and other personal references. Since this is not just federal employees with a clearance but also contractors, the number of people affected is just huge.


#10

Forgot about that, yeah list X people not family or coworkers that we will gather info on and may interview. So number of data points does not equate to number of clearances granted. Come to think of considering the stuff my grandfather did they still have records for me somewhere in the piles of documents.


#11

Yes it does. I am one. I got free credit monitoring out of the deal, yay.


#12

The 21.5 million included 19.7 million individuals who applied for security clearances

Apparently applying for a security clearance now makes you ineligible for a security clearance.


#13

Hmm, hope that’s coming for me then.


#14

It’s news like this that makes me happy that the world stopped using encryption!


#15

I think it’s insane that this story isn’t getting much more hyper-critical attention. All of the details on everyone (essentially) who has a clearance is now… out there? Residences, family relations, criminal history, mental health history, drug history. Apparently this includes SF-86 forms, which are basically ALL information the gov wants to know about you when you get cleared. This is one of the worst security breaches involving the intelligence community I’ve ever heard of. It is devastating.


#16

“US says hackers stole Social Security numbers from 21.5 million people in OPM data breach”

Great work, NSA!


#17

Some JPL employees pushed back against invasive background checks for exactly these reasons. The checks were too much for people in positions that had nothing to do with national security, especially because the people undergoing the checks had already been in their positions for years.

I think the people who pushed back were viewed as a bit petulant, but of course they turned out be exactly right.


#18

Agency I work for is now doing its hiring with paper forms, given the E-QIP (or whatever the fuck that damned thing was called) is down. As mentioned above, I got free credit ‘protection’ out of this nonsense, which makes me wonder: If they have all my background info (which “they” do, given that VA was hacked years ago, and now OPM), how the hell could a company ask for information that would distinguish me from the attacker? Other than calling my cell phone, or looking at house deed records?

What’s the consensus here about firing the OPM head?

Believe I’ll go lay down now.


#19

Apparently they haven’t got around to that yet. From the OPM website (Emphasis mine):

This includes 19.7 million individuals that applied for a background
investigation, and 1.8 million non-applicants, primarily spouses or
co-habitants of applicants. Some records also include findings from
interviews conducted by background investigators and approximately 1.1
million include fingerprints. Usernames and passwords that background
investigation applicants used to fill out their background investigation
forms were also stolen. Notifications for this incident have not yet begun.

@wrecksdart: The bit about usernames and passwords being stolen explains e-QIP being down, though it hurts my brain to think of how they must have been storing the passwords.


#20

This topic was automatically closed after 5 days. New replies are no longer allowed.