Officials: Second Hack Exposed Military And Intel Data
WASHINGTON, D.C. (WJZ) -- It's information none of us would want stolen.
But it's likely happened to 300,000 Marylanders who work for the federal government.
Alex DeMetrick reports, a massive data breach exposed last week may be even larger than feared.
Targeted were the government networks that contain personnel information for virtual every federal agency.
On Friday afternoon, the AP reports several U.S. officials say hackers linked to China appear to have gained access to sensitive background information submitted by intelligence and military personnel seeking security clearances.
The forms believed accessed, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. The applicant's Social Security number and that of his or her cohabitant are required.
In Maryland that includes the Social Security Agency, NSA and NIH.
Sen. Ben Cardin (D- Md.) was welcomed to a town hall meeting with some of those federal workers.
Social Security headquarters in Woodlawn employs 10,000 people, all of whom must assume they've been hacked.
"You have been under an attack and you have been compromised by people in other countries," Cardin said.
"The federal government did not encrypt any social security numbers of all federal workers and I was concerned why they did not do that," one employee said. "I seems like such a basic thing to do."
"We've been reckless on the accessibility of a social security number," Cardin said.
And hackers found a lot more that was vulnerable to theft.
Besides social security numbers, there are addresses, dates of birth, insurance and pension information, military records, job and pay histories.
And sources tell CBS News, the number of past and current workers could be as high as 14 million, three times the original estimate.
"We will do everything we can to make sure that we protect you against the information that could be used against you," Cardin said.
While determining who stole the data is not nailed down, if it turns out to be a foreign state, Cardin said, "that becomes an action that we cannot let stand. But it's way too early to make those types of conclusions."
Although the prime suspect is half a world away from Maryland.
When it comes to making social security numbers more secure, Cardin said it will likely take the form of adding a pin number to gain access.