Giant OPM Data Hack Did Blow U.S. Spies’ Cover

Uploaded on 2015-07-30 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

images?q=tbn:ANd9GcSUZsj160Hptc_PF2SxWO-AhSci06s9nLoiMgli9wUPeHkr_G0sDw

US investigators fear that the identity of spies working undercover could be revealed by the cyber security breach, which was revealed last month and exposed the private information of more than 21 million people.
 
A data breach at the US Office of Personnel Management (OPM) could blow the cover of US spies working overseas, say US intelligence officials, who fear the information could be used by another state to determine the activities of US citizens working within its borders.  

US officials had sought to downplay the risks of US spies being uncovered by the data hack, which the OPM announced on June 4, when it promised to notify 4.1 million current and former federal employees whose records had been accessed.

Earlier this month the OPM disclosed the fuller extent of the breach, estimating that more than 21 million people had had some form of their data exposed in the hack, including more than 1.1 million fingerprint records.  

Social Security numbers, job assignments, performance ratings and the training information on employees and contractors were included in the accessed data, but agency officials have maintained that the personal data of intelligence officials was not kept in the database.

Though it is unclear if the personal information of US spies was held in the OPM database, it is feared that even if the spies' data has not been entered into the OPM records, as intelligence officials maintained, it is possible for those with access to the hacked records to nevertheless analyze the data and uncover American spies.

By comparing the list of federal employees with a list of people granted visas to work in US diplomatic posts, a common cover for US intelligence officers who are gathering information in a foreign state, the identity of spies could be deduced, since their names would be on the latter list, but not the former.

Though some US government officials and politicians have publicly attributed the attacks to hackers based in China, other US officials such as NSA chief Rogers have declined to allege that Chinese hackers are behind the attacks, and the Chinese government has rejected the claims, described as "irresponsible and counterproductive" by the Chinese Embassy in the United States.
 
"China, itself a major victim of cyber-attacks, has made it clear that it is against all forms of hacking attacks, and it believes that members of the international community need better communication and cooperation to address cyber security breaches," said the Chinese news agency Xinhua in the aftermath of the breach.

Sputnik

« Don't Make These IT Mistakes in Your Organisation
In The War of 2050, The Robots Call The Shots »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

Hub One

Hub One

Hub One is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.

TeamT5

TeamT5

TeamT5 Inc. is a leading cybersecurity company dedicated to cyber threat research and solutions.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.

HyperSphere

HyperSphere

HyperSphere Data Protect is a patented technology establishing the world’s first cyberstorage solution designed to make data resilient against AI and quantum threats.