Chinese government-sponsored computer hackers have struck the Office of Personnel Management’s servers for a second time and have gained sensitive information about four million U.S. military and intelligence personnel. This stolen data contains extremely detailed data about many government officials and their security clearances. This latest breach of security was a separate attack from the one announced last week, which is now believed to be far more severe than first thought.
According to the New York Times, “This tells the Chinese the identities of almost everybody who has got a United States security clearance,” stated Joel Brenner, a former U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
As reported by Forbes, U.S. Press Secretary Josh Earnest said the president is considering using an executive order signed in April. This order permits financial sanctions against entities participating in cyber attacks against the U.S. Mr. Obama initially signed the executive order in response to the North Korean cyberattack against Sony Pictures.
The hacked database has copies of Standard Form 86, a form filled out by individuals seeking national security positions. This form has 127 pages and contains medical data, including the information on treatment given for “an emotional or mental health condition.” According to the Associated Press, the form may also have information about substance abuse, arrests, and financial issues. Lists of relatives and close friends are also contained within these stolen forms.
Security experts say that the Chinese have more recently begun to target personal information on government workers that could be used for blackmail.
The second breach of OPM computers was discovered during an effort to assess what information was stolen in the initial breach.
Besides financial sanctions against the Chinese, the government’s response to the attack includes a “30-Day Cybersecurity Sprint” ordered by the government’s chief information officer.