Second OPM Hack Revealed: Even Worse Than The Firsthttps://www.techdirt.com/articles/20150612/16334231330/second-opm-hack-revealed-even-worse-than-first.shtml

from the the-federal-government,-ladies-and-gentlemen dept

Oh great. So after we learned late yesterday that the hack of all sorts of data from the federal government's Office of Personnel Management (OPM) was likely much worse than originally believed -- including leaking all Social Security numbers unencrypted -- and that the so-called cybersecurity "experts" within the government weren't even the ones who discovered the hack, things are looking even worse. That's because, late today, it was revealed that there was likely a separate hack, also by Chinese state actors, accessing even more sensitive information:

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required.

In a statement, the White House said that on June 8, investigators concluded there was "a high degree of confidence that ... systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated."

"This tells the Chinese the identities of almost everybody who has got a United States security clearance," said Joel Brenner, a former top U.S. counterintelligence official. "That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies."

And yet... this is the same federal government telling us that it wants more access to everyone else's data to "protect" us from "cybersecurity threats" -- and that encryption is bad? Yikes.