- How to watch Netflix on Linux 4 Years Ago
- Fortnite streamer Tfue sues gaming organization FaZe Clan over contract dispute Today 12:28 AM
- Report finds some users can’t opt out of Facebook’s face recognition Monday 7:27 PM
- Get emotional over this real-life pastor baptizing an anime girl in virtual reality Monday 6:53 PM
- Twitter wants to know what Jack in the Box did to offend Kim Kardashian Monday 6:38 PM
- ‘Game of Thrones’ meme claims King’s Landing is an ‘inside job’ Monday 6:06 PM
- Report: Personal data of 49 million Instagram influencers exposed online Monday 4:57 PM
- ‘Stranger Things’ season 3 trailer teases a wet, hot American summer Monday 4:02 PM
- What Daenerys’ biggest ‘Game of Thrones’ scenes have in common with Nazi propaganda Monday 3:12 PM
- Here’s what’s coming to Amazon Prime in June Monday 2:11 PM
- Where did Jon Snow go? Unpacking the ‘Game of Thrones’ ending Monday 2:04 PM
- So, did anyone actually win ‘Game of Thrones’? Monday 1:29 PM
- The surprising religious subtext of ‘John Wick: Chapter 3’ Monday 12:53 PM
- Robin Arryn got hot—and the internet is seriously shook Monday 12:40 PM
- Tana Mongeau is going to VidCon a year after TanaCon disaster Monday 12:12 PM
It’s now the broadest known hack in U.S. history. Are you a victim?
On Thursday, the world caught another bombshell about the now-notorious OPM hack. It’s now unquestionably the largest known data breach in U.S. history, at least in terms of sheer number of people whose personal information was stolen. But if you’ve got questions, like who was affected, what an OPM is, and which foreign country can we get angry at over this, we’ve got answers.
OPM stands for the United States Office of Personnel Management. If the federal government was a company, OPM would be its human resources division.
What is the hack?
Back in April, a group of hackers gained access to at least two different OPM databases. The first is normal HR stuff—spreadsheets with data like names, addresses, birthdays, and Social Security numbers.
The second is, believe it or not, probably more sensitive. It’s called EPIC, and includes broader information about employees, like background checks. Ever go through a government background check? Some of them are extremely thorough, and gather information about, for instance, marital history. Family. Substance abuse.
Why am I hearing about it now?
Some government sources knew about it May, and President Obama announced it to the public June 4. But it wasn’t until Thursday that we got a more accurate count. 21.5 million Social Security numbers were stolen.
Am I a victim here?
Have you worked for the federal government, or are you close with someone whom the federal government has run a background check on? That’s a good indication of whether or not you’ve been affected.
Does this mean that all 21.5 million people who were in that database are now more vulnerable to identity theft?
How ugly is it?
Well, for one example, hackers—maybe the same ones, maybe others—are already sending phishing emails to victims of the OPM hack. So some poor saps who have already been compromised are looking in their inboxes, seeing what is apparently the first step to getting help, but they’re actually being targeted further.
Who’s behind it?
We don’t know. A lot of people in D.C. assume the hackers are Chinese, and say it’s likely state-sponsored. But cyberattacks, especially sophisticated ones like this, are notoriously difficult to attribute, and pretty much impossible to attribute with certainty.
What are the victims doing?
Suing the government, for one thing. The country’s largest federal employee union has has filed a $1 billion suit against OPM.
Wait, what if it is a foreign government behind this, or a foreign government ends up with the information stolen in this breach? Just thinking out loud here but, what if, say, an FBI agent is clandestinely in that country, and his personnel files reflect that?
That’s what we’re saying! This is a big deal.
Will any politicians who don’t seem to have a strong grasp of cybersecurity use this to call for new laws that wouldn’t have actually in any way helped prevent this breach, but which civil liberties advocates warn would actually severely hamper normal Americans’ privacy?
Was the OPM using an outdated dinosaur of a system that made a disaster like this much more likely?
Is this, plus the Sony hack, plus all the other breaches I’ve heard about in the news in recent years, evidence that this is becoming the kind of world we live in, where huge systems that have our data, which is outside of our control, are susceptible to hackers?
Sorry to be the bearer of bad news, but yes.
Photo via Office of Personnel Management (PD) | Remix by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.