At first, it was 4 million. That number soon quadrupled to 16 million and now it's reported that over 18 million people could be victims. I'm talking about the huge number of people who are at risk in the latest cybersecurity breach from the United States Office of Personnel Management. Now, government officials are saying that even people who simply applied for government positions but didn't get the job are at risk. And the number of people affected is expected to grow even more.
Important: Are you or someone you care about a potential victim? At this point, we must assume anyone who has ever worked for the Federal government as an employee or a contractor, plus everyone who has applied for a Federal position could be affected. Further down in this article I'll tell you what you should be doing now to protect your security.
The hackers rummaged around in Federal data systems undetected for a year before U.S. security teams, assigned to strengthen online security protocols, figured out that systems were hijacked. Though this huge breach was discovered in April, there has been little information about where it came from and who's responsible.
Government officials have hinted at the Chinese being responsible but there's been no formal accusation. The Chinese government has repeatedly denied its involvement in the whole ordeal. The matter is expected to be discussed further today when Obama and several Chinese officials meet.
Chinese Foreign Ministry spokesman Lu Kang says that this issue can be resolved with the countries working together.
"China and the United States had previously always had a good dialogue mechanism on issues of Internet security. Because of reasons that everyone knows about, and not because of China, this dialogue has stopped," Lu said.
Hopefully it will go better than last year, when the U.S. formally charged five Chinese government officials of cyberhacking. As a result, the Chinese stopped meeting completely and cut off dialog.
Since the hackers are suspected to have been in the systems for over a year, we are expecting the worst-case scenario. Stewart Baker, a former National Security Agency general counsel, explains that the longer hackers have to look around in systems, the worse it will be.
“The longer you have to exfiltrate the data, the more you can take,” he said. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”
Any and everyone who might be affected by this huge hack should change their passwords right away. Now that the leak has been discovered, this is the riskiest time as the hackers may want to take advantage of the stolen data before passwords are changed.
Also, while the government says that it will provide credit monitoring for victims, that is not yet set up. By the time they do, it may be too late. So it is up to every individual to protect themselves right now.
Everyone needs to create strong, unique passwords for each of their accounts. That means using absolutely zero personally identifiable information in each password. The best way is to use a password manager with a random strong password generator.
I'll keep you updated with the latest information about this major security story like I have since we found out about it. How many victims do you think this will eventually affect? Please let me know in the comment section below.