There is no organization so large or small that it cannot lose data to a breach. The digital storage of personally identifiable information was once optional, but now it is standard practice in the public and private sectors, in the U.S. and around the world. The consequences of these incidents depend on what type of data was compromised and how it was used, but the seriousness of data loss can't be ignored. The continuing revelations from a massive data breach at the Office of Personnel Management, nearly three years after the incident, show the kind of harm caused by large data breaches - and how long that harm can last.
Recent developments in the case include an arrest made in late 2017 and a revelation in June that the stolen data was used to commit car loan fraud. It's clear that this massive compromise of internal government information was no mere one-time incident, and its effects linger on.
Congress Asks for Answers
A recent Government Executive report focused on congressional scrutiny of the OPM data breach. Recently, two U.S. citizens pleaded guilty to using names exposed in the hack to commit fraud when applying for auto loans. The two defendants committed the crimes in 2015 and 2016, meaning that the data was accessible by criminals that far back. Senator Mark Warner and Representative Gerry Connolly asked how these American scammers could have gotten the data, as the blame was initially assigned to Chinese hackers.
The Department of Justice issued a press release on the same day that Warner and Connolly brought up the issue, altering a statement that had initially mentioned the stolen identities were part of the OPM breach. If there was a connection between the OPM breach and the loan fraud, the lawmakers wanted to know how it came about. Originally, the explanation involved Chinese forces seeking blackmail material, not data for financially compromising individuals.
The victims of the hack are currently receiving identity theft protection, which lasts through 2026. But if a bill proposed by Democratic Representatives Dutch Ruppersberger and Eleanor Holmes Norton passes into law, they'll be protected for life. Government Executive reported that the bill's sponsors were also part of the group of lawmakers that secured the initial 10 years of free monitoring. The long-term nature of these protective policies shows how far the effects of data loss can last.
Arrest Made Last Year
In August 2017, CNN reported on the arrest connected to the 2015 OPM breach. The FBI stopped the alleged hacker as he entered the U.S. to attend a conference. The agency stated the individual was responsible for working on the malware called Sakura, which compromised millions of records from the OPM.
The actual source of the personally identifiable information was a batch of security clearance applications. These documents are used to determine whether people will be approved to work for the government in sensitive capacities, and they include data such as Social Security numbers. Some of these victims were not government applicants. Most of them were being subjected to background checks to determine whether to issue clearance to their spouses or partners.
CNN reported that 21.5 million records were lost. A majority, 19.7 million, belonged to applicants, while 1.8 million came from their partners and other checked individuals.
Data Loss Effects Can Linger
When working on services and solutions to ensure your company or agency doesn't lose information, it pays to look at the big picture. A data breach isn't truly a one-time event. The damage to the individuals involved can linger, as it's hard to take data down once it is revealed. As the congressional inquiry shows, it's not always immediately clear what kind of damage will be inflicted with lost data.
For more proactive ways to prevent a data breach, look to Identity Guard Business Solutions. We can present options for your organization to help customers and employees monitor their information after a data breach event through identity theft protection.