Skip to main content

The Office of Personnel Management (OPM) data breach is worse than we thought. Contrary to the original reports from the Administration that Chinese state hackers breached the data of 4 million federal workers, that number has now grown over four times larger.

Though we still don’t know the full extent of the damage, estimates of how many current, former, and prospective federal employees who had their data stolen quickly rose to 18 million. That number could be as high as 32 million.

The effects of this massive and unprecedented breach could be catastrophic. As the Wall Street Journal editorial board explains,

“This means the Chinese now possess sensitive information on everyone from current cabinet officials to U.S. spies. Background checks are specifically done to report personal histories that might put federal employees at risk for blackmail. The Chinese now hold a blackmail instruction manual for millions of targets.

“These background checks are also a treasure trove of names, containing sensitive information on an applicant’s spouse, children, extended family, friends, neighbors, employers, landlords. Each of those people is also now a target, and in ways they may not contemplate. In many instances the files contain reports on applicants compiled by federal investigators, and thus may contain information that the applicant isn’t aware of.” 

Yet despite this massive breach and the danger it poses to federal workers and national security, the Administration has refused to tell the public just how much damage has been done.

What we do know is that OPM knew about the breach for over a year and failed to do anything about it. And instead of taking responsibility for this failure to protect itself and working to fix the problem, the Administration has taken to blaming Congress.

If the Administration won’t give Congress the full picture, Congress will work to get the facts ourselves. Today, the House Oversight and Government Reform Committee conducted a hearing with OPM Director Katherine Archuleta so she can explain to the people’s representatives just how bad this breach really is and how extensively the Administration’s cybersecurity failed.