I recently published a blog about the data breach at the Office of Personal Management (OPM) and the Interior Department which is being blamed on China.
In the last week, there have been a number of experts giving more detail on the depth of the stolen data. The concern is about Standard Form 86 which is used to collect data on potential federal employees applying for positions in National Security.
As you can imagine, this form probes into areas of someone’s background, family and friends that not even those close to the person may know. There are 127 pages of the form and the collection of information includes citizenship, passport, residence schools, military service, employment, financial records, alcohol and drug use, criminal records, psychological and emotional health, groups that may have been associated with, foreign travel, associates including relatives and friends.
The data is extremely valuable to any foreign government or intelligence agency, knowing your enemy in this much detail is a definite advantage. Some observers are suggesting that the data may even be used to blackmail people. While there is of course this possibility, I doubt anyone who successfully got a position in the NSA would be susceptible to blackmail…
However, there is the risk of an unsuccessful applicant being blackmailed with the data on their Standard Form 86. Naturally, this is bad news for them and they need protection as they are not in positions of national security.
Any breach that affects the people responsible for our security is extremely serious and there needs be a robust plan to assist current and past employees, and even those who simply filled out the form.
Personal data is becoming the primary target for many cyber criminals, foreign powers and governments and the holders of the data need to take precautions to secure it. We are all potential victims of data theft and it’s our responsibility to understand the dangers of handing over our data.
While in this case there is no alternative for national security employees, in many of the data breach cases recently there are ways that we can limit our exposure by sharing less.