During his long tenure as FBI Director, J. Edgar Hoover amassed a huge collection of information on American politicians, government employees, activists, and anyone else he deemed important enough to probe. Hoover wielded those dossiers to prolong his grip on power, impact public policy, and distort American politics for decades. That information remained tightly controlled, used only when Hoover thought it would benefit his agenda. When he died, his longtime personal secretary Helen Gandy destroyed most of those records before anyone else could get their hands on it.
Now imagine what would have happened had Gandy sent the files to China. That’s pretty much the equivalent of the damage done by the OPM hack, as The Daily Beast’s Shane Harris reports today. The hack exposed the “adjudication information” from security clearance investigations — the raw data on embarrassing personal details that goes way beyond the SF-86s already known to have been exposed:
A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.
Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.
Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets.
Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.
This information didn’t come out initially, which is why it got “overlooked.” The Wall Street Journal reported yesterday afternoon that the lack of transparency on the hack resulted from a deliberate policy of obfuscation. The Obama administration decided to play this as two distinct hacks rather than one overall effort, a strategy that allowed the White House to hide the worst aspects of the stunning defeat:
The Obama administration for more than a week avoided disclosing the severity of an intrusion into federal computers by defining it as two breaches but divulging just one, said people familiar with the matter.
That approach has frustrated lawmakers as they probe the administration’s handling of one of the biggest-ever thefts of government records.
Agents with the Federal Bureau of Investigation suspect China was behind the hack of Office of Personnel Management databases discovered in April, and that those hackers accessed not only personnel files but security-clearance forms, current and former U.S. officials said. Such forms contain information that foreign intelligence agencies could use to target espionage operations. Chinese officials have said they weren’t involved.
The administration on June 4 disclosed the breach of personnel files—but not the security-clearance theft. That theft was disclosed a week later, even though investigators knew about it much earlier, people familiar with the situation said.
The WSJ report notes that 18 million Social Security numbers may be at risk for identity theft now, a number that has consistently escalated from the original OPM claim of under 2 million. Jason Chaffetz thinks it may be worse than that. Noting OPM’s latest budget rationale, Chaffetz says it looks like the number may be closer to 32 million — or 10% of the US population:
Data breaches at the Office of Personnel Management may have affected 32 million current, former and prospective federal employees, Rep. Jason Chaffetz said Wednesday.
That number could include potential military enlistees, as well, he told a hearing of the House Oversight and Government Reform Committee, which he chairs.
That number comes from the agency’s fiscal 2016 budget proposal, in which it notes that OPM stores more personally identifiable information than any other agency.
That includes “banking information for more than 2 million annuitants and background investigations for more than 30 million people,” the budget document states.
In a hearing yesterday on the OPM hack, Chaffetz strongly suggested that OPM chief Katherine Archuleta consider another line of work:
For Archuleta, it was the latest appearance before angry lawmakers demanding answers about the personal information, including information used for background investigations for those seeking a security clearance. Some lawmakers have urged the White House to fire her.
House Oversight and Government Reform Committee Chairman Jason Chaffetz, a Utah Republican, said Wednesday he had no confidence in Archuleta.
“I think you are part of the problem,” Chaffetz said. “That hurricane has come and blown this building down, and I don’t want to hear about putting boards up on windows (now). It’s time for you to go.”
How could anyone have confidence in Archuleta at this point? The White House says that Barack Obama still does, but why is anyone’s guess. With up to 10% of the population now at risk for identity theft thanks to Archuleta’s ineptitude and the lack of disclosure from a poorly attempted strategy of misdirection, confidence in Obama – already getting lower — will dive as long as he keeps himself tied to Archuleta. A competent administration would have fired her weeks ago … but then again, a competent administration would have hired someone more capable in the first place.