McCaul: Data Breach 'Was an Attack by China Against the U.S. Government'
(CNSNews.com) - The massive intrusion into the federal government's personnel files "was an attack by China against the United States government," Rep. Michael McCaul (R-Texas), cahirman of the House Homeland Security Committee told CBS's "Face the Nation on Sunday."
"This was a huge data-mining process. And it targeted political appointees in the federal government and federal employees, four million of them," he said.
"It was not done to steal credit card information and that kind of theft. It was done to get to personal information on political appointees in the federal government and federal employees to exploit them so that later down the road, they can use those for espionage to either recruit spies or compromise individuals in the federal government."
"This was a huge data-mining process. And it targeted political appointees in the federal government and federal employees, four million of them," he said.
"It was not done to steal credit card information and that kind of theft. It was done to get to personal information on political appointees in the federal government and federal employees to exploit them so that later down the road, they can use those for espionage to either recruit spies or compromise individuals in the federal government."
The breach happened in December but wasn't discovered until April, and it was made public last Thursday.
A counterintelligence official told the Associated Press that spies may use personal details about federal employees to target those who have access to national security information.
For example, he said details found in personnel files could be used to trick workers into opening emails that might infect their computers with a program that would steal more information or install spy software.
McCaul said the cyberattck "raises all sorts of issues that we need to deal with."
He urged the Senate to take up a House-passed cyber-security bill. "I hope the Senate will pass that and the president will sign it into law.
But I think this is an area where there are no rules of the game in terms of espionage, in terms of stealing this kind of information. And I think it raises all sorts of issues with Americans. Anthem was an attack against health care records of Americans and Blue Cross/Blue Shield.
This, we think, originates from the same source out of China to steal data not only on federal employees, but Americans, to have a large database of intelligence information against us."
The federal Office of Personnel Management says starting Monday, it will begin notifying approximately 4 million individuals whose "Personally Identifiable Information" was potentially compromised in this incident.
The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.
In order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM.
Federal employees were told in a video Friday to change all their passwords, put fraud alerts on their credit reports and watch for attempts by foreign intelligence services to exploit them. That message came from Dan Payne, a senior counterintelligence official for the Director of National Intelligence.
"Some of you may think that you are not of interest because you don't have access to classified information," he said. "You are mistaken."
According to the Associated Press, the hackers may have made off with information about workers who undergo security clearance background checks. That information includes the names of family, neighbors, even old bosses and teachers, as well as reports on vices, arrests and foreign contacts.
However, OPM spokesman Samuel Schumach said there was no evidence to suggest that security clearance information collected by OPM was compromised. It's stored separately from routine personnel files, he said.
"The kind of data that may have been compromised in this incident could include name, Social Security Number, date and place of birth, job assignments, training files, performance ratings and current and former addresses," Schumach said in an email.
A counterintelligence official told the Associated Press that spies may use personal details about federal employees to target those who have access to national security information.
For example, he said details found in personnel files could be used to trick workers into opening emails that might infect their computers with a program that would steal more information or install spy software.
McCaul said the cyberattck "raises all sorts of issues that we need to deal with."
He urged the Senate to take up a House-passed cyber-security bill. "I hope the Senate will pass that and the president will sign it into law.
But I think this is an area where there are no rules of the game in terms of espionage, in terms of stealing this kind of information. And I think it raises all sorts of issues with Americans. Anthem was an attack against health care records of Americans and Blue Cross/Blue Shield.
This, we think, originates from the same source out of China to steal data not only on federal employees, but Americans, to have a large database of intelligence information against us."
The federal Office of Personnel Management says starting Monday, it will begin notifying approximately 4 million individuals whose "Personally Identifiable Information" was potentially compromised in this incident.
The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service.
In order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM.
Federal employees were told in a video Friday to change all their passwords, put fraud alerts on their credit reports and watch for attempts by foreign intelligence services to exploit them. That message came from Dan Payne, a senior counterintelligence official for the Director of National Intelligence.
"Some of you may think that you are not of interest because you don't have access to classified information," he said. "You are mistaken."
According to the Associated Press, the hackers may have made off with information about workers who undergo security clearance background checks. That information includes the names of family, neighbors, even old bosses and teachers, as well as reports on vices, arrests and foreign contacts.
However, OPM spokesman Samuel Schumach said there was no evidence to suggest that security clearance information collected by OPM was compromised. It's stored separately from routine personnel files, he said.
"The kind of data that may have been compromised in this incident could include name, Social Security Number, date and place of birth, job assignments, training files, performance ratings and current and former addresses," Schumach said in an email.
No comments:
Post a Comment
Comments always welcome!