The Hacking of Federal Data Is Much Worse Than It First Seemed

Cyber-attacks linked to China appear to have resulted in the theft of security-clearance records with sensitive data about millions of American military and intelligence personnel.

Kacper Pempel / Reuters

To truly understand just how rigorous and intrusive the process to get security clearance for the federal government is, take a look a Standard Form 86.

Formally known as the Questionnaire for National Security Positions, the document requires that an applicant disclose everything from mental illnesses, financial interests, and bankruptcy issues to any brush with the law and major or minor drug and alcohol use. The application also requires a thorough listing of an applicant’s family members, associates, or former roommates. At the bottom of each page, a potential employee must submit his or her social security number. Given the questionnaire’s length, that means if you’re filling out this document, you will write your social security number over 115 times.

On Friday, it was revealed that all of the data on Standard Form 86— filled out by millions of current and former military and intelligence workers— is now believed to be in the hands of Chinese hackers.

This not only means that the hackers may have troves of personal data about Americans with highly sensitive jobs, but also that contacts or family members of American intelligence employees living abroad could potentially be targeted for coercion. At its worst, this cyberbreach also provides a basic roster of every American with a security clearance.

"That makes it very hard for any of those people to function as an intelligence officer,” Joel Brenner, a former top U.S. counterintelligence official, told the AP. “The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies."

What’s particularly stunning about this development is how quickly it grew into something so severe. Last week, officials estimated that the personal data of 4 million current and former federal employees had been compromised. Then that figure ballooned to as many as 14 million.

Speaking to The Washington Post, one official ominously likened this new revelation to cancer, “Once you start operating on the cancer, you find it has spread to other areas of the body.” The subtext here is that we may not have even hit the apex of this scandal yet.

In the meantime, China continues to deny that it stole the information and the U.S. Office of Personnel Management isn’t saying much either. “Once we have conclusive information about the breach, we will announce a notification plan for individuals whose information is determined to have been compromised,” said OPM spokesman Samuel Schumach.

Given the reach of the data thought to be stolen, it might be easier for the OPM to contact those whose information hasn’t been compromised.