OPM Hackers Could Be Building Personal Databases
SCOTT SIMON, HOST:
The U.S. government revealed this week there's been a massive cyber attack on the agency that stores the records of federal employees - the Office of Personnel Management. The personal data on 4 million people may have been stolen. The source of the attack is unknown. OPM says it will begin to notify people who may have had data taken from them on Monday, as NPR's Aarti Shahani reports.
AARTI SHAHANI, BYLINE: OPM can't know for sure what data the hackers copied and pasted, but the agency says it'll be as specific as possible when informing people. And OPM will offer victims 18 months of credit monitoring, as well as up to $1 million in cyber insurance coverage. Critics say that's not meaningful protection.
JOHN PRISCO: That seems to be the standard present that's given to people when they have their lives disrupted by this sort of thing.
SHAHANI: John Prisco is CEO of Triumphant, a company that tries to identify cyber attacks early on.
PRISCO: One thing you have to keep in mind is that these adversaries are very patient; they're very good. And they'll use this information two, three, five years from now.
SHAHANI: It's not clear yet who stole the data and why. One camp says the hackers are state-sponsored from China and are planning a long-term campaign of cyber espionage to steal intellectual property. Prisco says even if that's true, a subset of hackers could also decide to open up bank accounts down the line. Social Security numbers and dates of birth don't change.
PRISCO: Now that it's in the hands of criminals, they have no obligation to keep the information confidential. And the information can be used for espionage, but it also can be used to take out credit.
SHAHANI: Security experts say they have not seen stolen personal records from OPM or from prior breaches like Anthem or Premera show up for sale on black market sites. It's possible that hackers are building databases on individuals who are deemed particularly valuable for their financial worth or their access to U.S. state secrets. Aarti Shahani, NPR News, San Francisco.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.