Cabinet Secretaries Potentially Exposed in OPM Data Breach

Authorities are working to assess exactly what data was taken in the breach.

ByABC News
June 9, 2015, 7:01 AM

WASHINGTON — -- ABC News has learned top administration officials -- up to and including current and former cabinet secretaries -- are among the federal government employees whose personal information may have been compromised by the massive data breach into Office of Personnel Management computer systems, according to government officials who have been briefed on the matter.

The universe of affected employees, numbering more that 4 million people, is enormous, essentially covering a huge swath of current and former civilian federal government employees.

Personal information about cabinet secretaries is believed to be among the exposed data. Authorities are working to assess exactly what data was taken in the breach, but they are treating all exposed information as potentially stolen.

The employees affected include those who work for federal law enforcement agencies, including the FBI. Sources say a video message from a top FBI official was broadcast to FBI employees last Friday to inform them of the breach and the steps being taken to protect their personal information, including credit monitoring.

The breach also extends to the men and women at the Secret Service. Employees of the U.S. Marshals Service and DEA are also potentially compromised by the breach, officials say.

According to officials who have been briefed, employees who work in the intelligence community at agencies such as the CIA or NSA are not directly impacted, however if they spent any time working in any civilian agency that is covered by OPM, they too could be compromised.

The personal data of President Obama and Vice President Biden are not believed to have been compromised because they are elected officials and their data is not handled by OPM in the same way as other government workers, sources say.

Members of the military and Department of Defense employees are also believed have been spared, because their information is managed in separate .mil computer network rather than the .gov network managed by OPM, according to government officials

While the personally identifiable information thought to be exposed in the intrusion creates a risk of identity theft, sources say there is great concern that a nation could use the information to run intelligence operations against the U.S. on a massive and unprecedented scale.

One source who has been briefed on the incursion said the data can be used by an adversary to map relationships across the entire federal government.

"It is harvesting big data -- social engineering on a huge level, building a database of who works with who," the source said.

This, in theory, would allow for a highly targeted spear-phishing campaign -- imagine that dangerous spam that you would routinely delete now "looks like an email from your boss to you" the source said.

Other employees could potentially be targeted for intelligence operations, leveraging information taken in the intrusion such as a bad performance review, to get them to turn their backs on their country.

Former government workers who now work in the private sector could be targeted for economic espionage operations, stealing trade secrets and potentially costing American jobs.

While government officials are not officially attributing the cyber intrusion China, sources say that the attack bears many of the hallmarks of Chinese state sponsored attacks.

A government wide-notification that employee data was compromised was sent out electronically last week. OPM did not respond to specific questions but did tell ABC News that individual notifications are being sent on a rolling basis through June 19.