Here’s what we know from federal officials about the database that was hacked, compromising the personal information of 4 million current and retired employees: It is kept in a data center at the Department of the Interior.
The Interior Business Center manages personnel systems — including payroll and security information –and finances for 150 federal agencies and offices. With operations in Alaska, Arizona, California, Colorado, Idaho, Virginia and the District, it was a pioneer in providing “shared services” to agencies to avoid duplication and save money.
The Office of Personnel Management and the Interior Department have declined to publicly identify which database in the business center was targeted in the breach disclosed Thursday, one of the largest intrusions into federal employees’ personal information. But experts in and out of government in technology and federal personnel systems say they strongly suspect that a central database hosted by the Interior Business Center containing all executive branch personnel information, called Enterprise Human Resources Integration, was targeted.
The database contains a trove of data on every civilian employee in the government that goes way beyond their Social Security numbers. It’s a compendium of personnel files containing 35 years of historical data on federal employees. The records track an employee’s career in the government, from salary to benefits to training and certification. They also connect to other federal data sources on employees, including sites containing former employees’ retirement status and benefits.
The Business Center is also the government’s largest payroll system, processing paychecks for 240,000 employees at 42 agencies, including NASA, the Federal Election Commission, the Pension Benefit Guaranty Corp. and the National Archives and Records Administration.
OPM began migrating employees’ personnel files to the Enterprise Human Resources system in 2007 as it moved to digitize the records.