OPM: 21.5 Million Social Security Numbers Stolen From Government Computers
Updated at 9:40 p.m. ET
The U.S. government says it's concluded "with high confidence" that the Social Security numbers of 21.5 million people were stolen from government background investigation databases.
The Office of Personnel Management says that number includes 19.7 million individuals who applied for a background investigation and 1.8 million nonapplicants, who it says are primarily spouses and cohabitants of the applicants.
OPM says the breach of 21.5 million records "is separate but related to a previous incident" in which it identified 4.2 million current and former federal employees who had their records stolen.
There is some overlap between the two separate incidents, which were publicly revealed on June 4 and on June 12, and the government puts the total number of affected individuals in both intrusions in 22.1 million.
It was widely thought the number of individuals affected by the data breaches would grow, but the latest estimates go beyond even the most pessimistic estimates.
The government says people who had background checks through OPM starting in 2000 are "highly likely" to have been affected by the data breach. People who had checks prior to 2000 are "less likely" to have been affected.
The background checks contain "some information regarding mental health and financial history"; in addition, approximately 1.1 million of the records contain fingerprints.
Investigators believe the second intrusion lasted about seven months. Joel Brenner, a former inspector general for the National Security Agency, told NPR's Dina Temple-Raston that's a long time to be in the system.
"They do have a goldmine there is no question about that in what they stole," said Brenner, "but nobody seems to be paying any attention to what they might have left behind ... Once you are in system you can not only steal things from it but you can change what is inside of it."
Congressional critics have called for OPM director Katherine Archuleta to resign. House Oversight Committee Chairman Jason Chaffetz, R-Utah, said the "negligence" of Archuleta and OPM Chief Information Officer Donna Seymour "has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable."
The Obama administration has not publicly identified whom it suspects is behind the breach, but it's widely believed to be China.
Those whose background checks were stolen will be notified in the coming weeks, the OPM says. They will be offered at no charge full service identity restoration support and victim recovery assistance, along with identity theft insurance, identity monitoring for minor children and continuous credit monitoring "for a period of at least 3 years."
Two federal employee unions have previously filed suit against OPM over the data breaches. Colleen M. Kelly, President of the National Treasury Employees Union says her group "continues to be outraged that so many of our members have had their personal information compromised due to these breaches."
The NTEU wants the government to provide lifetime credit monitoring and identity theft protection for the affected employees.
Copyright 2020 NPR. To see more, visit https://www.npr.org.