RACHEL MARTIN, HOST:
What would you do if your sensitive personal information was stolen by hackers? That's the question of facing millions of people because of massive data breaches at the federal government's Office of Personnel Management. U.S. law enforcement sources tell NPR the hack may have exposed the information of more than 18 million current, former and prospective government workers, and employees are mad. NPR's Carrie Johnson reports.
CARRIE JOHNSON, BYLINE: At the American Federation of Government Employees, the phone has been ringing nonstop. Jackie Simon is policy director at the union's national office in Washington, and she has a message for the federal Office of Personnel Management.
JACKIE SIMON: They have really done an exceptionally poor job of dealing with this and certainly have been rather callous with regard to the impact on employees.
JOHNSON: The idea that hackers have federal employees' names, addresses and Social Security numbers is bad enough. But Simon says the long waits workers have been enduring on a helpline add insult to injury.
SIMON: They've had nothing but trouble with the website, nothing but trouble with the so-called customer service representatives who can't answer their questions, the very, very long hold times.
JOHNSON: And then there's this. One former government lawyer told me his notification letter was mailed to his parent's home, where he hasn't lived since 1985. The letter for another person who worked at the Justice Department got sent to her husband's law firm, where she's never worked. Union officials say they have no idea how many notifications may never reach the people whose data's been exposed. Katherine Archuleta leads the OPM. She says the agency will step up its efforts to help employees.
KATHERINE ARCHULETA: I do not - I do not want our employees to sit and wait on a phone. I do not want them to have to wonder whether their data has been - has been breached. I want to serve them in every way that we can, and that is why we're demanding from our contractor the services that the contractor said they would deliver.
JOHNSON: The scope of the data breach is still under review. Federal law enforcement sources tell NPR more than 18 million people could be victims of the hack. And that's not counting friends and associates prospective employees may have listed on security forms. More than a dozen people, including some at the highest ranks of the Justice Department and FBI, told NPR they got notified their data was exposed. So did Congressman Will Hurd, a Republican from Texas.
WILL HURD: I'm going to read a little bit. Dear Mr. Hurd, I'm writing to inform you that the U.S. Office of Personnel Management recently became aware of a cybersecurity incident affecting its system and data, and you may have been exposed.
JOHNSON: That matters because Hurd worked undercover for the CIA for nine years. Congressman Jason Chaffetz, a Republican from Utah, says he worries about the damage to national security. Chaffetz says he's heard from the Federal Law Enforcement Officers Association. That group represents 28,000 current and retired agents, many of them feeling angry and vulnerable.
(SOUNDBITE OF ARCHIVED RECORDING)
JASON CHAFFETZ: Only of the imagination limits what a foreign adversary could do with detailed information about a federal employee's education, career, health, family, friends, neighbors and personal habits.
JOHNSON: Raj De left the National Security Agency earlier this year. He got a warning letter, too. De now works on cybersecurity issues at the law firm Mayer Brown.
RAJ DE: This sort of breach has the potential to undermine, one, the faith of the federal workforce, two, the credibility of the government as a cyber regulator and, three, the belief of the public in the basic competence of their government.
JOHNSON: De says Obama administration now faces the same challenge as many American businesses whose customer and employee information has been stolen - put simply, regaining trust from its own workforce. Carrie Johnson, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.