OPM and Homeland Security executives testify June 25. From left to right: OPM Director Katherine Archuleta, OPM CIO Tony Scott, DHS Assistant Secretary for Cybersecurity Andy Ozment, and OPM Inspector General Patrick E. McFarland. Susan Walsh/Associated Press
OPM Says More Hack Details Coming, But Notification of Affected Feds Could Lag
OPM is striving for accuracy in counting feds affected in second hack.
A lot of different figures have been thrown around to quantify the number of individuals affected by recent network breaches at the Office of Personnel Management.
OPM itself has stuck to its initial 4.2 million estimate, which agency officials offered June 4 when they first announced OPM's records had been pilfered by hackers. But on June 12, when the agency confirmed a separate related breach of security clearance files, officials acknowledged the number of people affected was possibly much higher. Subsequent reports have suggested that the final tally of current and former federal employees, retirees and job applicants whose personal information was compromised could total 14 million, 18 million or even 30 million.
All the speculation could soon come to an end.
“Hopefully we’ll have a number to release next week,” said Samuel Schumach, an OPM spokesman. He added there has been a lot of “conflation” of different numbers floated, and the delay is simply the result of ensuring precision.
“We want to make sure any information we are releasing is as accurate as it can be,” Schumach said.
The spokesman confirmed the tentative timeline it told lawmakers and union groups earlier this week. The announcement will definitively state the number of employees and applicants whose data was exposed during a breach of background check and security clearance data. The original 4.2 million figure dealt only with the initial hack of personnel records for former and current federal employees.
In testimony to Congress last week, OPM Director Katherine Archuleta declined to give an estimate of the number of individuals affected by the security clearance data hack, saying OPM was still calculating the tally.
The confusion over who exactly was affected has caused a backlog for the contractor tasked with providing credit monitoring and customer service to hacked employees. CSID told Government Executive its service centers received “higher than expected” call volumes, as many callers have not been formally notified that their information was compromised -- they simply wanted general information.
Schumach said even once OPM finalizes who exactly was affected by the second data breach, it has not yet determined a timetable for notifying the new round of individuals that their information was compromised.
“At this time we just don’t know about policy on notification,” Schumach said. OPM officials have previously said the agency would send out the notifications “as soon as practicable.”