THE OTHER shoe is expected to drop this week on the disastrous loss of confidential information from the databases of the Office of Personnel Management. The agency is expected to reveal the extent to which information from security investigations of current, former and prospective federal employees and contractors was compromised. The background checks often unearth sensitive and intimate matters, and the loss may put many at risk of blackmail. The agency is expected to reveal this week how many dossiers were taken, but reports suggest it was in the millions. The breach comes on top of a separate intrusion in which personally identifiable information on 4.2 million federal workers was filched from the OPM databases.
President Obama ought to be far more steamed about the break-ins than he appears. The OPM director, Katherine Archuleta, knew as well as anyone how sensitive the data was, yet the door to her agency was apparently left ajar. Thieves walked out with an intelligence goldmine, the most intimate details about U.S. public servants, including those who handle the most highly classified secrets of the United States. This was an unforgivable failure of stewardship that should lead to firings for incompetence. Ms. Archuleta, confronted with questions on Capitol Hill, refused to shoulder any blame. “I don’t believe anyone” at the agency “is personally responsible,” she said. “If there is anyone to blame, it is the perpetrators.”
The director of national intelligence, James R. Clapper, said China is the “leading suspect” in the breach. The FBI has issued a “flash” alert that did not specify China as the origin, but identified some malware — including a remote access tool called Sakula — that has previously been associated with Chinese cyberattacks. A Reuters report has pointed out that Sakula was also used in an attack on the mammoth health insurer Anthem this year. The report quotes sources saying that the perpetrators did not seem to be the usual Chinese outfits that try to steal military and industrial secrets through espionage, but another group affiliated with China’s Ministry of State Security. This is a worrisome prospect. The Chinese security service may be attempting to use the stolen personal data from Anthem and from OPM to build a directory of Americans who work in sensitive government positions and who can be targeted for further espionage.
Spying is a constant in international relations, but this particular theft is not business as usual. The Chinese would like to have a smooth, harmonious summit when presidents Xi Jinping and Obama meet in September. Mr. Obama should put China on notice today that such theft is inconsistent with harmony at the table — and he’s mad as hell about it. If that doesn’t get Beijing’s attention, the United States should begin preparations for retaliation aimed specifically at the alleged Chinese attackers. Not all of the broad U.S.-China bilateral relationship needs to be put at risk, but the thieves must feel the heat. It is the only way to deter future attacks.