After details of the Office of Personnel Management hack became public, the agency claimed that hackers accessed 4.2 million employee records. That number, according to FBI estimates, is actually 18 million.
Over the last several weeks, FBI Director James Comey briefed officials behind closed doors on the depth of the worst cybersecurity breach ever suffered by the government. The 18 million number includes current and former employees, as well as candidates interested in joining the federal government. That amount is still expected to grow as the situation unfolds, CNN reports. (RELATED: The True Impact Of The Chinese OPM Hack Is Only Just Now Being Realized)
OPM stated that at least in the interim, it’s sticking with the lower estimate until it receives further confirmation. Hackers had access to the system for over a year before they were detected. Previously, hackers breached an OPM contractor, KeyPoint Government Solutions and used those credentials to access the main OPM system, but officials still think that the OPM breach occurred prior to the hack of KeyPoint.
Officials suspect China as the source of origin for the attacks, though Beijing has strenuously objected to the attribution.
In the wake of the incident, the federal government has contracted with privacy vendors like Winvale to provide credit monitoring protection to employees. Many are reticent to participate, since participation requires employees to hand over even more personal information to another company called CSID.
One woman said that when she signed up, CSID asked her a series of questions relating to her student loan. The day after, she received three telemarketing phone calls advising her that she qualified for student loans.
Officials informed CSID that it shouldn’t be using data from victims for any other purposes, though CSID denied that it had any involvement with the calls.
OPM Director Katherine Archuleta is set to appear before a Senate panel on Thursday. Lawmakers have already urged Archuleta to resign, though the White House confirmed last week that President Barack Obama is still confident in Archuleta’s ability to lead.
At a recent hearing, lawmakers urged Archuleta to come clean and answer basic questions relating to the breach, but were ultimately unsuccessful.
“I wish that you were as strenuous and hardworking at keeping information out of the hands of hacker as are at keeping information out of the hands of Congress,” Democratic Rep. Stephen Lynch told Archuleta last week, according to CNN.