A December security breach of government systems containing personal information of millions of federal employees was worse than originally thought.
A union of federal workers said Thursday that the attack, announced last week, had stolen confidential information of every single federal employee, past or present -- far more than was previously revealed.
The government disputes those claims. It's the latest in a string of high profile hacks, and if the union is correct, it would be the first to affect every employee of any organization or company. The union's allegations come a few months after President Barack Obama promised the federal government would work with companies to protect people from hacks and identity theft. Obama's administration has since blamed the government of China for the hack of federal employee information.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous, but hackers stole military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more," American Federation of Government Employees President J. David Cox wrote in a letter to the US Office of Personnel Management. Worse, he wrote the Social Security numbers of employees don't appear to have been protected with encryption algorithms, a standard security measure for sensitive information. Cox called the lack of adequate security controls "absolutely indefensible and outrageous."
Jackie Koszczuk, a spokeswoman for the Office of Personnel Management, said that every current and retired federal employee's records were compromised was not correct. The agency will make a full statement soon, Koszczuk said. The attack was first revealed last week, when the government said the personal information of 4 million federal workers had been breached.
The union said it believes "the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees," Cox wrote. The government has pledged to notify each affected employee of the hack and offer services to help counter any abuse of their information.