Massive Government Data Breach Exposes Information on Four Million Americans

Chinese hackers have invaded computers at the federal Office of Personnel Management, accessing personal information relating to at least four million current and former government employees. The New York Times reports:

The Obama administration on Thursday announced what appeared to be one of the largest breaches of federal employees’ data, involving at least four million current and former government workers in an intrusion that officials said apparently originated in China.

The compromised data was held by the Office of Personnel Management, which handles government security clearances and federal employee records. The breach was first detected in April, the office said, but it appears to have begun at least late last year.

The target appeared to be Social Security numbers and other “personal identifying information,” but it was unclear whether the attack was related to commercial gain or espionage.

As the Times notes, this is at least the third recent major intrusion into federal computer systems that we know about, the others being the hacking of White House and other executive branch computers by Russians last year, and a possibly more dangerous intrusion last summer, in which federal employees who had applied for top-secret security clearances were targeted. That one also apparently originated in China.

To be fair, private companies have also suffered data breaches in the last year or two. But it is reasonable to assume that the federal government does not handle its electronic data as carefully as a private company would. Certainly what we have learned about incompetent data management at the IRS supports that conclusion.

Computer hacking may be an area in which, at least for the time being, offense has an advantage over defense. If that is the case, our government needs to do at least two things, in addition to strengthening its defenses against hackers: 1) aggressively target secret electronic information held by the Russians and Chinese, and 2) retaliate against countries (like Russia and China) from which intrusions originate, without worrying about whether a particular episode was or was not government-sponsored.