Social Security numbers were unencrypted and part of hacked data, AFGE says.
Every current federal employee and retiree was part of the 4 million workers whose personal information was compromised in the hack of Office of Personnel Management data, according to a union.
American Federation of Government Employees National President J. David Cox said in a letter to OPM Director Katherine Archuleta Thursday the “central personnel data file” was the targeted database, meaning all 2.1 million civilian federal employees' personal information was compromised. The information, according to AFGE, includes: Social Security numbers, military records and veterans’ status information, address, date of birth, job and pay history, health insurance and life insurance data, pension information, age, gender, race, union status and more.
Cox noted his knowledge was based on the “sketchy information” OPM has provided to the union. In addition to every federal employee and retiree, he said, the personal data of 1 million former federal employees was also hacked.
OPM has not confirmed exactly whose information was included in the breach, though it has begun sending out notifications to those who were affected.
AFGE charged OPM with not encrypting Social Security numbers, calling that decision a “cybersecurity failure that is absolutely indefensible and outrageous.”
Cox also said the 18 months of credit monitoring and $1 million in identity theft insurance the government is offering was inadequate, calling for lifetime monitoring and liability insurance that covers the “entirety of any loss attributable to the breach.”
OPM has set up a call center for federal employees to ask questions about the hack, which has been contracted to CSID. That outsourcing “adds insult to injury,” Cox said, adding -- as other unions have complained -- that conversations with a human are not guaranteed.
The union president asked OPM to issue a directive to agency heads advising them to allow employees to access their personal computers and emails during work hours to ensure the protection of their hacked information. As previously reported by Government Executive, Cox said AFGE will join other unions in issuing “demands to bargain” for represented workers in relation to the breach.
“I understand that OPM is embarrassed by this breach,” Cox wrote. “It represents an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.” Cox asked for more information on exactly what happened, who was responsible and how affected employees will be compensated.
OPM did not respond to a request for comment on this story.