Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

OPM: The worst hack of all time

Steven J. Vaughan-Nichols | June 30, 2015
Hi, my name is Steven J. Vaughan-Nichols and I had a security clearance in the 1980s. Because of that, my personal records are likely to have been revealed by the Office of Personnel Management hack.

file folders 
Credit: U.S. Navy

Hi, my name is Steven J. Vaughan-Nichols and I had a security clearance in the 1980s. Because of that, my personal records are likely to have been revealed by the Office of Personnel Management hack.

Big deal, right? What could be so important about my 30-year-old records that it would matter to me today?

Oh, let me think. There's my Social Security number, my birthday, my birthplace, everywhere I had lived for 10 years before I got my clearance, the full names of all my relatives -- you know, everything you'd need to steal my identity.

Does that sound like I'm overstating the case? I'm not. When you get a security clearance, they want to know everything about your life.

Check for yourself. The current Questionnaire for National Security Positions form (SF-86) is 127 pages long. It asks for information on everywhere you've lived in the last 10 years, every job you've had for the last 10 years, and any visits to a healthcare professional for emotional or mental health conditions in the last seven years.

Then, of course, records checks may also be made on your spouse, roommates and immediate family members. Oh, and by the way, "immediate family" means your spouse, parents, step-parents, siblings, half- and step-siblings, children, stepchildren and cohabitants.

Except for the name of your first pet, the SF-86 pretty much covers every question you've ever been told you could use for your "security" question.

I understand why they ask those questions. What I don't understand is why Congress never anted up the cash to encrypt those records or secure them in any meaningful way.

While I'm grousing about this, I'd also like to know why it appears that some OPM contractors may have been Chinese nationals -- working from China.

You can't make this stuff up. Who needs hackers, when the U.S. government will hire you to manage its top-secret goodies?

What's that you say? It was only four million records? Oh no, my friend. It was at least 18 million. That's 18 million former, current and would-be federal employees and contractors.

But, wait! It may be 32 million!

I've reason to believe it was at least that many. I just haven't been able to get anyone on record with that number. But trust me, the OPM data breach is bigger and badder than anything else that's ever happened.

Now, let's think about the next steps. Clearly, the entire government personnel system will need to be cleaned up. There's a bigger issue, though.

The U.S. currently has about 319 million citizens. Of those, 10 percent of them may have had their Social Security numbers revealed. Think about it.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.