My husband’s letter arrived first. Five months after the government agency announced the first massive data breach, the Office of Personnel Management, the U.S. government agency responsible for collecting personnel data on federal employees, mailed official notifications to the more than 21 million employees whose sensitive personal data was compromised.
What makes this data breach worrisome is the degree of personal information stolen. OPM is the data repository for federal employees applying for or renewing one’s security clearance. The theft of detailed security-clearance-related background information not only included Social Security numbers of the clearance holder, but of one’s immediate family members as well. Financial data, private medical records, and interviews with one’s neighbors and associates provide extensive information for determining one’s eligibility for a security clearance — and were part of the data breach. Hackers now possess federal personnel data for both current and some retired workers, as well as the fingerprints of up to 5.6 million government employees. The Chinese have been unofficially identified as the source of the OPM data breach, although it is unknown whether it was state sanctioned or a group acting from inside China.
Once my letter arrived Friday, I read how to apply for credit report monitoring at government cost. I also requested credit reports for the first time for our middle schooler, enrolling our child for the first of what will undoubtedly be many years of credit report monitoring. Many in San Antonio are facing the same situation, receiving these OPM “love letters” because of the high concentration of military active duty and retired veterans working in jobs requiring security clearances.
Despite taking every precaution possible, we’ve been victimized by data breaches and financial data compromises over the past eight years. From the Tricare 2007 theft of data to the more recent Target hacking, I’ve had my credit reports monitored for signs of fraudulent activity every year. The degree of cyber insecurity has escalated from lone hackers and criminals looking for quick access to money.
Economic espionage cases have jumped—the FBI reported a 53% increase just this past year. It’s not just big businesses or technology-based corporations that are at risk. The health care industry, and major companies such as Westinghouse Electric, the United States Steel Corporation and Sony have all been targeted. Cyber attacks against critical infrastructure—transportation hubs, power plants, financial systems—have also been on the rise. From companies looking to safeguard assets to trading partners in the Western Hemisphere, the need to defend against cyber attacks is part of the security landscape. Cybergangs, narco-crinimals looking for intelligence, and nation states such as China, Russia, Iran, and North Korea have taken the shadowy threat of cyber intrusion, theft, and destruction into the light of everyday experience for the average person.
How does one defend against cyber insecurity? It’s going to take more than the offer of free credit monitoring and a paper shredder. Our globally connected infrastructure—from communications to finance—has become a liability. On a personal level, the spread of smartphone users means more people accessing the Internet daily without ever owning a computer, making cellphone security paramount as more people use them to conduct sensitive transactions.
On larger scale, the U.S. government and its agencies, public utilities, local governments and municipalities, more industries and companies, and U.S. economic partners are looking to strengthen its cyber security against data intrusions, theft and destruction.
And all those employees with security clearances? Those with skills in cyber intelligence, cyber information technology management, and cyber vulnerability assessment will be extremely employable. Perhaps that may be of some solace for some getting OPM notification letters.
*Top image: Screenshot of U.S. Office of Personnel Office’s cybersecurity page.