News of a second data breach at the Office of Personnel Management (OPM) in the US has come hot on the heels of revelations that the first data breach may have yielded far more than the initial estimates of four million employee records.
Last week, the Department of Homeland Security (DHS) announced that the FBI was investigating a breach at the OPM and the Interior Department that was possibly linked to China.
According to The Guardian, confidential sources familiar with the investigation say updated estimates put the number of records stolen at between 9 million and 14 million. There are 4.2 million government employees, so the higher figure would indicate that the data includes former employees as well.
The finger of blame in the second breach is being pointed at hackers in China who may have gained access to sensitive background information related to applications for security clearances. The Standard Form 86 data includes highly personal information about mental illness, drug and alcohol use, arrest records and personal finances including bankruptcies.
The OPM has come under harsh criticism from the American Federation of Government Employees union for failing to protect federal employees' data, not encrypting it and not providing information and answers to questions from the union and its members.
The second breach was discovered while investigating the first breach at the OPM, according to an anonymous government official quoted by the New York Times.
The OPM.gov website has not been updated with information on the second breach, but the agency has promised to write to affected individuals within 30 days of confirming that their data was taken.
In related news, data from the first breach now appears to be on sale on the dark web. Some experts say that this is at odds with the general theory that the attack is the work of Chinese hackers.