The US has not yet notified 21.5 million data breach victims

Photo of author

By Larry Banks

Two months after the US government discovered that personal information of 21.5 million Americans was stolen in a hack of government data, none of the people affected have been officially notified, officials said on Tuesday.

The officials, who are familiar with the investigation into the breach, said the Office of Personnel Management (OPM), which oversaw the data, is working with other government agencies to set up a system to inform those affected.

US has yet to notify victims

An official at the OPN, who declined to be identified, said that it would be several weeks before a mechanism was in place, due to the complicated nature of the data and that the government employees and contractors often move between different agencies.

The unnamed official said the government was trying to setup a centralised system rather than leave the notification to each agency. OPM is expected to hire an outside contractor, but has not yet sought bids for the work.

The head of the OPM, Katherine Archuleta, resigned on Friday after she came under fire in Congress for the breach, revealed in May, and an earlier OPM hacking event that was made known in April. Government officials say they suspect Chinese hackers were responsible for the attacks.

Almost all the 4.2 million people affected in the first breach, which was only related to basic job application data, have been notified, the government says. They have also been invited to enrol in an identity protection program.

The larger breach from May that was made public last week involved more sensitive personal information gathered by the OPM for security clearance purposes, of current, former and prospective federal employees and contractors.

This included 19.7 million contractors and employees who applied for security clearances and 1.8 million non applicants, such as spouses, whose personal data was included in security clearance applications.

OPM says that anyone who underwent clearance checks through the agency in 2000 or after is likely to be affected by the latest data breach.

SOURCE: Reuters.

Images Courtesy of DepositPhotos