Hackers stole social security numbers from 21.5 MILLION people in massive breach

  • Most of the files accessed in May were from background checks on people who applied for jobs with the government, or on their spouse or partner
  • At least 1.1 million of the stolen records included fingerprints
  • Details include social security numbers; residency and educational history; employment history; immediate family; health, criminal and financial history
  • Usernames and passwords that applicants used to fill out forms also stolen
  • White House 'not really prepared to comment' on whether it was China
  • 'Separate but related to' incident in April, affecting 4.2m federal employees 

Hackers stole 21.5 million social security numbers in an extraordinary data breach, the US Office of Personnel Management (OPM) has revealed.

The files, accessed in May, included those of 19.7 million individuals who had applied for security clearances to qualify for a job with the government. Another 1.8 million belonged to non-applicants, such as applicants' spouses or partners.

At least 1.1 million of the stolen records included fingerprints, the OPM said in a news release.

Michael Daniel, special assistant to the president and cybersecurity coordinator at the National Security Council, said he was 'not really prepared to comment' on whether China was responsible for the hack. 

Scroll down for video  

Data breach: Hackers stole sensitive information, including social security numbers, of about 21.5 million people from background investigation databases. At least 1.1 million of the records include fingerprints

Data breach: Hackers stole sensitive information, including social security numbers, of about 21.5 million people from background investigation databases. At least 1.1 million of the records include fingerprints

The incident comes after a 'separate, but related' incident in April, when files of 4.2 million current and former federal workers were stolen.

According to OPM, both breaches were discovered as the agency conducted a forensics investigation into the way federal data is managed.  

The government will now be forced to provide three years of support from a private firm specializing in data breaches for all 21.5 million victims to monitor their children, credit files and identity.  

Stolen records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and more.

Some records also include findings from interviews conducted by background investigators and fingerprints. 

Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

There is significant overlap between the two groups, according to the OPM news release.

The new breach is in addition to, and also overlaps with, the leak of four million citizens 'information in April

The new breach is in addition to, and also overlaps with, the leak of four million citizens 'information in April

Human vices, such as infidelity, compulsive gambling, problems with alcohol or drugs, as well as emotional and behavioral issues, raise red flags for officials who gather so-called 'adjudication information' - information that government investigators gather during the vetting process of potential hires and current employees seeking a higher level of clearance.

The U.S. government has attributed sophisticated attacks - including the original large-scale data theft last month - to increasingly advanced state-affiliated teams from China.

China has denied any connection with the OPM attack and little is known about the identities of those involved in it.

Asked during a conference call with reporters whether China was responsible, Michael Daniel, special assistant to the president and cybersecurity coordinator at the National Security Council, said that 'at this point the investigation into the attribution of this event is still ongoing and we are exploring all of the different options that we have.'

He added that 'we're not really prepared to comment at this time on the attribution behind this event.' 

 

 

 

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

By posting your comment you agree to our house rules.

Who is this week's top commenter? Find out now