Twenty Million Americans Hacked

July 10, 2015 - 7:31 AM

More than 20 million Americans had their privacy violated in the recent hack. This according to a story in the New York Times, which reports that:

The Office of Personnel Management revealed on Thursday that “sensitive information” of 21.5 million individuals was obtained last year by hackers who intruded into the federal personnel agency’s computer networks.

This in addition to:

… a previous breach that compromised the personnel data of 4.2 million federal employees.

The compromised information includes:

Social Security numbers ... material from interviews conducted by background checkers, and about 1.1 million of them included fingerprints.

The head of the OPM has said she is not resigning. As reported by Bridget Bowman at Roll Call:

Office of Personnel Management Director Katherine Archuleta said she is not stepping down following the massive breach of personnel and background investigation information at her agency — even as lawmakers are clearly frustrated with the situation and are calling for her to resign. “I am committed to the work that I am doing at OPM,” Archuleta said on a conference call with reporters after the agency announced Thursday that 22.1 million current, former and prospective federal employees and contractors were affected by two recent data breaches, including members of Congress.

Ms. Archuleta may be “committed” to her work but that doesn’t necessarily mean she knows what to do about this little problem at her agency. As Kaveh Waddell of National Journal reports, OPM:

... has not yet awarded a contract for the notifications or fraud-protection services, or even put out a request for contractors to respond to, according to multiple sources. OPM press secretary Sam Schumach said Thursday night he was not aware of a request out to contractors, and no such request appeared in an online government repository of contracts and awards.

The thinking here may be something like, “What’s the hurry. Nothing left to protect.”

So, there seems to be no feeling that heads should roll or, even, that some defensive measures be urgently taken.

Does this mean, then, that the U.S. does not plan to retaliate against the hackers? This was an attack, after all. Isn’t a counter-attack justified? Assuming, that is, that we can mount one. And shouldn’t the retaliation be massive, since the point would be both to punish and to deter future attacks? And shouldn’t it be public in some way – even if it is made so by leaks from “administration sources” – so that all the other potential hackers out there will know that if you come after us, we will be coming back at you?

So far, what we hear from Washington in the way of action is a proposal from OPM that:

All federal employees ... receive a new automatic perk for doing their jobs: free credit and identity theft monitoring services.

Surely our enemies tremble.