http://www.cnn.com/2015/06/22/politics/opm-hack-18-milliion/index.html
By Evan Perez and Shimon Prokupecz
CNN
June 23, 2015
Washington (CNN) - The personal data of an estimated 18 million current,
former and prospective federal employees were affected by a cyber breach
at the Office of Personnel Management - more than four times the 4.2
million the agency has publicly acknowledged. The number is expected to
grow, according to U.S. officials briefed on the investigation.
FBI Director James Comey gave the 18 million estimate in a closed-door
briefing to Senators in recent weeks, using the OPM's own internal data,
according to U.S. officials briefed on the matter. Those affected could
include people who applied for government jobs, but never actually ended
up working for the government.
The same hackers who accessed OPM's data are believed to have last year
breached an OPM contractor, KeyPoint Government Solutions, U.S. officials
said. When the OPM breach was discovered in April, investigators found
that KeyPoint security credentials were used to breach the OPM system.
Some investigators believe that after that intrusion last year, OPM
officials should have blocked all access from KeyPoint, and that doing so
could have prevented more serious damage. But a person briefed on the
investigation says OPM officials don't believe such a move would have made
a difference. That's because the OPM breach is believed to have pre-dated
the KeyPoint breach. Hackers are also believed to have built their own
backdoor access to the OPM system, armed with high-level system
administrator access to the system. One official called it the "keys to
the kingdom." KeyPoint did not respond to CNN's request for comment.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
