Several American government and intelligence officials have expressed concerns that this summer’s sweeping data breach of the United States Office of Personnel Management may have further ramifications.
According to reporting by The New York Times, officials believe that combined with China’s prior accumulated data and intelligence, data troves from the OPM hack could give the Chinese government the information necessary to hone in on the identities of American spies.
When the breach was first reported, government officials said that the hack did not compromise the identities of covert operatives. But theoretically, hackers could search for the names of Americans working in embassies or other official capacities and if they do not show up in the OPM data, they could assume these people are suspected spies who work under the guise of diplomats.
Representative Adam Schiff (D-Calif.), who leads the House Intelligence Committee, weighed in on what the leaked information could mean.
“It’s even more compromising when it is used in combination with other information they may hold,” Schiff told the Times. “It may take years before we’re aware of the full extent of the damage.”
Speaking Thursday at the Aspen Security Forum in Colorado, National Security Agency Director Michael Rogers suggested that the hackers’ motive might have been amassing federal employees’ email addresses in order to carry out spear phishing attacks against their computer networks.
Rogers did not claim to know for a fact how the hackers’ are actually using the vast information they gained, but he did note that there have been several persistent phishing attempts in recent months.
“In the past nine months I am watching huge spear phishing campaigns coming out of several nations around the world, directed against U.S. targets,” Rogers said. “They’re not unrelated to me. You see both state and criminal entities using it as well.”
The first OPM breach in June affected 4.2 million Americans, and a second breach reported in July affected another 21 million people. Information compromised in the breaches included employees’ Social Security numbers, job assignments, addresses, and even personal information about their drug and alcohol use and mental health issues.
The Obama administration has never officially blamed the Chinese government for the hack, but the Times report claims that it’s something of an open secret within the U.S. government.
In response to the second data breach, a bipartisan group of senators have backed a congressional measure that would expand the Homeland Security Department’s powers so it could better fight against cyber attacks, according to the Associated Press.