In the letter, according to the AP, AFGE's president said that "Based on the sketchy information OPM has provided" during internal OPM briefings, the hackers got their hands on a slew of sensitive data such as "military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race data."And there's more. Apparently the hack went unnoticed for more than a year, according to anonymous sources cited by ABC News."If [only] they knew the full extent of it," a source briefed on the breach told ABC News.According to the source, the breach affected OPM servers that stored forms filled out by government employees looking for security clearances. The information disclosed on these forms, according to experts, is "goldmine" for foreign spies, and "everything anyone would ever need for blackmail," since they can include full biographies, family members data and even information on the applicant's' social life, including embarrassing information on past "legal, private, sexual" troubles, according to John Schindler, a former professor of national security affairs at the US Naval War College.
"The hackers are now in possession of all personnel data for every federal employee."
These forms dig "into every aspect of your social and financial life," according to Chris Eng, the vice president of research at Veracode, who underwent a background investigation.All this was probably thanks to OPM's lax, or downright awful, security practices, which various outlets, such as Ars Technica, have detailed over the weekend. Just to name one, the agency didn't even have an inventory of devices connected to its network, according to a report prepared last year OPM's Inspector General.A spokesman for OPM did not answer to Motherboard's call requesting comment for this story.In its press release disclosing the hack, OPM said protecting US government employees' data "is of the highest priority," yet this massive hack was actually not the first one that the agency suffered in less than a year.
The breach affected OPM servers that stored forms filled out by government employees looking for security clearances.
Meanwhile, despite the fact that government officials have leaked to the press that China is behind the hack, anonymous hackers are claiming to be in possession of the data, and offering to sell it on the dark web. On Thursday, a hacker dumped up to 23,000 government emails and passwords, although it's not clear if the data comes from this OPM breach.What's clear, however, is that this OPM breach is even more serious than everyone thought.
This OPM breach is even more serious than everyone thought.