Federal investigators are reporting that the records of more than 4 million people have been hacked at the government’s human resources department, the Office of Personnel Management.
The government suspects Chinese hackers took names, addresses, financial information and possibly Social Security numbers. This latest hack follows a recent trend in cyber crime that targets medical records and personnel files.
“They’re incredibly valuable when we want to steal identities or impersonate somebody to steal something else,” says John Kindervag, a security analyst with Forrester Research.
Kindervag says these kinds of personal data, such as a Social Security number or a mother’s maiden name, can be used to gain deeper access.
“So if you can take over somebody’s identity, you can get unfettered access across big swaths of any network that they might have credentials for.”
The threat these kinds of hacks pose is exacerbated by the fact that they expose not just the individual’s network, but those of their coworkers, customers or any company they have contact with, says Steve Manzuik, director of security research at Duo Security.
“If you have additional data, especially personal data on your target, you can now craft a very targeted phishing email that would be very convincing and hard for a regular user to determine if it’s real or fake,” Manzuik says.
Even if this stolen data isn’t being used to rip us off now, there is no way of telling how it might be used in the future, says Steve Pao, general manager of security business at Barracuda Networks.
“One of the things we’ve learned is that these hackers are very patient. And so right now, people are on high alert. It could be five years from now or 10 years from now that the real financial impact could be realized,” Pao says.
Beyond the theft of things like intellectual property, Pao notes there is also a legitimate security threat of espionage by nation states, or of sensitive information being put in the hands of terrorists.