The Office of Personnel Management data breaches by Chinese hackers could affect 32 million federal workers and retirees, House Oversight Committee Chairman Jason Chaffetz (R-Utah) warned Wednesday.
“Many more workers were affected than previously disclosed,” said Chaffetz, the investigative committee chair.
The number of adults impacted could be potentially higher than Chaffetz’s 32 million because the 18.2 security background checks that were hacked includes people who applied for jobs but weren’t hired.
So far, OPM is offering credit report access, credit monitoring and identity theft insurance only to the 4.2 million workers and retirees whose personnel records were stolen.
But committee member Michael Turner (R-Mich.) noted Social Security numbers “are all over the place” in the security clearance reviews.
“Every employee and retiree should be given tools to secure their records,” said Michigan Republican Tim Walberg.
The congressmen at the hearing were generally upset at OPM’s response to the crisis.
Nearly 80 percent of federal employees and retirees surveyed by Federal News Radio rated OPM’s communications with them on the data breaches as poor.
In defense of the agency, OPM Director Katherine Archuleta said her staff thwarts millions of cyberattacks per month.
“In 18 months, we have made significant progress, but so have our aggressors,” said the OPM head.
She cautioned hackers are so sophisticated that data encryption does not alone guarantee protection.
Archuleta contended encryption would not have protected the files that were hacked because the attackers were able to steal user IDs and could have decrypted the information.
She would not take OPM Inspector General Robert McFarland’s recommendation to improve cybersecurity by shutting down decades old, vulnerable computer systems because it would mean retirees would not get paid.
“That may be,” McFarland said.