White House: Second data hack might be bigger than first OPM breach

A second attempt to steal government information, made public on Friday, might be even bigger than the data breach that occurred when thieves hacked into the Office of Personnel Management in April, White House spokesman Josh Earnest said on Monday.

The second intrusion “involved a different system and a different set of data, and I think you could logically conclude that … a larger amount of data and information was potentially affected,” Earnest said. The second breach involved the scouring of information on military personnel seeking security clearances.

If the second data breach is in fact bigger, that would make it quite large. The first OPM data breach is thought to have successfully gained access to the basic personal information of about 4 million current and former federal workers.

The administration has refused to say who’s behind either breach, and says only that investigations are continuing. However, anonymous government officials and many lawmakers readily say the OPM hack was based in Beijing.

National Security Advisor Susan Rice on Friday met with General Fan Changlong, vice chairman of the Central Military Commission of China, at the White House. According to a readout of their meeting provided by the White House, Rice “underscored the importance of strengthening risk reduction measures and narrowing areas of disagreement, including on maritime and cyber issues.”

The White House has been scrambling to take steps aimed at boosting cyber protections since the OPM hack was discovered in April. On Friday, the Office of Management and Budget issued a fact sheet announcing the 30-day “cybersecurity sprint” that U.S. Chief Information Officer Tony Scott “recently” launched.

“Federal departments and agencies have implemented capabilities to better manage cyber vulnerabilities when they arise, and agencies are instituting new methods of conducting business like requiring employees to log-on to networks using privileged credentials, instead of other less secure means of identification and authentication,” the OMB fact sheet read. “Still, recent events underscore the need to accelerate the Administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”

Under this policy, all federal agencies must use indicators provided by the Homeland Security Department and immediately tell DHS if they detect malicious cyber activity; immediately act upon weekly vulnerability scan reports provided by DHS; limit the number of privileged users and functions that privileged users can perform; and deploy new authentication systems that make it harder for hackers to guess passwords.

A recent Government Accountability Office report declared that the number of “information security incidents” exploded over the last eight years: 5,503 incidents were reported in 2006, and 67,168 in fiscal 2014.
