The cyberattack against the US Office of Personnel Management is the largest ever against the US government, although more records have been exposed by other “cyber” incidents.
According to Advisen’s Loss Insight database, the largest government cyber incidents involve a hard drive being sent for recycling and the improper sale of records to a marketer. But when it comes to a cyberattack, the one suffered by the OPM is head and shoulders above all others.
After announcing in early June that it would be notifying 4 million employees who may have had personally identifiable information stolen, the OPM recently issued an update and says its analysis of a breach discovered in late May has affected 21.5 million people.
OPM said the latest found breach includes 19.7 million people who applied for a background investigation and 1.8 million non-applicants—spouses or cohabitants of applicants. About 1.1 million affected records include fingerprints, which opens up a new kinds of cyber risk possibilities.
READ ALSO: OPM breach affected 21.5 million people
OPM posts federal job openings, conducts background checks and security clearances, manages pension benefits for retired employees, administers health insurance and other insurance programs to employees, and provides training and development programs for employees and government agencies.
Attacks aimed at the executive, legislative, and “general” arms of the government were found to be most common, according to Advisen data, followed by a fairly even split among intrusions into justice, public order, and safety departments; human resources; and national security and international affairs.
According to the list of the largest government cyber events, many of the incidents involve lost or stolen equipment, but Navy Adm. Mike Rogers, head of the National Security Agency, recently said he did not expect an attack like the one against the OPM to “be a one-off.”
China is widely suspected to be behind the attack against the OPM.
Cyber attacks suffered by governmental entities reached an all-time high in 2014, with 382 events, and in the first quarter of 2015, 95 attacks have already occurred, as criminals step up efforts to crack state, city, and federal repositories of data and sensitive information, according to Advisen Loss Insight.