White House offers protections to 22 million affected by OPM hack

A suspected Chinese hack of a security clearance database netted information on background checks dating to 2000.

The White House has announced steps to improve security protections for government and contractor personnel on the heels of the Office of Personnel Management’s announcement that the records of 21.5 million Americans were affected by the hack of a security clearance database, reportedly by Chinese hackers.

That number is up from earlier estimates of 14 million, then 18 million, and follows disclosure of a separate hack of OPM, in which records of 4.2 million current, former and prospective federal employees were taken.

OPM said there is a lot of overlap, and 3.6 million people included in that 4.2 million total also had their records taken in the larger hack. Altogether, that’s 22.1 million people affected, which represents about 7 percent of the U.S. population, roughly 1 in 14 people. Remove the 23.3 percent that the Census Bureau estimates are under 18, and it’s about 9 percent of the adult population. The exact population numbers change all the time, so the estimates are rough, but they give an idea of the size of the breach, which is likely the largest government hack in U.S. history.

The hack of the security clearance database took records on 19.7 million people who had applied for background investigations and 1.8 million non-applicants, primarily spouses or co-habitants of applicants, OPM said.

The people affected, who include military and contractor personnel (along with others such as FBI Director James Comey), had filled out Standard Forms 86, 85 or 85P, which cover a lot of territory, including Social Security numbers; education, employment, health, financial and criminal histories; information on immediate family and business acquaintances; and, in about 1.1 million cases, fingerprints.

OPM said that, at the moment, there’s no evidence that any of the stolen information has been used, but the victims are potentially vulnerable to identity theft or targeted phishing schemes. (After OPM began notifying affected personnel—via email—hackers did start sending out phishing emails posing as OPM notifications.)

OPM said it would work with the Defense Department and a private contractor to provide a suite of monitoring and protection services for the 21.5 million people affected by the security database hack, including identity restoration support, identity theft insurance, identity monitoring for children, and credit and fraud monitoring.

OPM also has launched an online resource center at https://www.opm.gov/cybersecurity with information regarding the breaches, and plans to open a call center in the coming weeks to deal with questions over the phone.

And after weeks of defending herself against criticism, OPM Director Katherine Archuleta earlier today submitted her resignation.