The largest union representing federal employees said it believes the hackers from China who breached a database containing employment information have access to the personal information of every federal worker.
Cox also said the criminals stole a range of personal information that goes beyond what the Office of Personnel Management disclosed when it went public with the intrusion last week, including military records, veterans’ status and life insurance information. In short, the employees’ entire personnel file.
OPM has previously disclosed that the personal information of about 2 million active federal employees was potentially compromised. On Thursday, Press Secretary Sam Schumach said the precise number was 2.1 million. That’s the total number of civilians in the executive branch, and includes employees from administrative secretaries to Cabinet secretaries. Schumach also confirmed that one million retirees’ information is at risk as well as that of 1.1 million employees who worked in the government at one time but left for other jobs.
The AFGE points to a database called the Central Personnel Data File as the hackers’ target. Several year ago, it became part of a database called Enterprise Human Resources Integration, which is managed by a business center at the Department of Interior. The Washington Post reported last week that this database likely contains the personnel files that were accessed. OPM began migrating employees’ personnel files to the system in 2007 as the agency moved to digitize employee records.
The union’s letter, first reported by the Associated Press, also said the hackers are in possession of a trove of employment records on the active and former workers in the database. As the Post reported last week, the data goes way beyond Social Security numbers. It’s a compendium of personnel files containing 35 years of historical data on federal employees. The records track an employee’s career in the government, from salary to benefits to training and certification. They also connect to other federal data sources on employees, including sites containing former employees’ retirement status and benefits.
While Cox said the hackers now have all of these records in their possession, it remains unclear whether in fact the hackers actually stole what they had gained access to, for instance by downloading records of employees’ financial information.
Here’s the text of Cox’s letter:
You may also like: