It’s now the broadest known hack in U.S. history. Are you a victim?
On Thursday, the world caught another bombshell about the now-notorious OPM hack. It’s now unquestionably the largest known data breach in U.S. history, at least in terms of sheer number of people whose personal information was stolen. But if you’ve got questions, like who was affected, what an OPM is, and which foreign country can we get angry at over this, we’ve got answers.
OPM stands for the United States Office of Personnel Management. If the federal government were a company, OPM would be its human resources division.
What is the hack?
Back in April, a group of hackers gained access to at least two different OPM databases. The first is normal HR stuff—spreadsheets with data like names, addresses, birthdays, and Social Security numbers.
The second is, believe it or not, probably more sensitive. It’s called EPIC, and includes broader information about employees, like background checks. Ever go through a government background check? Some of them are extremely thorough, and gather information about, for instance, marital history. Family. Substance abuse.
Why am I hearing about it now?
Some government sources knew about it in May, and President Obama announced it to the public June 4. But it wasn’t until Thursday that we got a more accurate count. 21.5 million Social Security numbers were stolen.
Am I a victim here?
Have you worked for the federal government, or are you close with someone whom the federal government has run a background check on? That’s a good indication of whether or not you’ve been affected.
Does this mean that all 21.5 million people who were in that database are now more vulnerable to identity theft?
How ugly is it?
Well, for one example, hackers—maybe the same ones, maybe others—are already sending phishing emails to victims of the OPM hack. So some poor saps who have already been compromised are looking in their inboxes, seeing what is apparently the first step to getting help, but they’re actually being targeted further.
Who’s behind it?
We don’t know. A lot of people in D.C. assume the hackers are Chinese, and say it’s likely state-sponsored. But cyberattacks, especially sophisticated ones like this, are notoriously difficult to attribute, and pretty much impossible to attribute with certainty.
What are the victims doing?
Suing the government, for one thing. The country’s largest federal employee union has filed a $1 billion suit against OPM.
Wait, what if it is a foreign government behind this, or a foreign government ends up with the information stolen in this breach? Just thinking out loud here but, what if, say, an FBI agent is clandestinely in that country, and his personnel files reflect that?
That’s what we’re saying! This is a big deal.
Will any politicians who don’t seem to have a strong grasp of cybersecurity use this to call for new laws that wouldn’t have actually in any way helped prevent this breach, but which civil liberties advocates warn would actually severely hamper normal Americans’ privacy?
Was the OPM using an outdated dinosaur of a system that made a disaster like this much more likely?
Is this, plus the Sony hack, plus all the other breaches I’ve heard about in the news in recent years, evidence that this is becoming the kind of world we live in, where huge systems that have our data, which is outside of our control, are susceptible to hackers?
Sorry to be the bearer of bad news, but yes.
Photo via Office of Personnel Management (PD) | Remix by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.