If you ever wanted to find out who our spies are, or who was undercover, or if someone had a bit more government access than they claimed, how would you do it? Well the best way would be to find out if they had a security clearance.
If you wanted to craft an identity for your own people without having to really work at it, hacking into the government’s security clearance database would be the way to go.
And here we are. China is suspected of hacking the Office of Personnel Management security database. What did they get? How about the last ten years of everyone in the system for starters.
Military, government, IRS, FBI, State Department, and a host of other Federal, State, and contract positions require security clearances at various levels. In order to apply for that clearance, you provide the government with your background, all of it going back ten years in most cases.
Where you lived, who you know, addresses, names, dates, and more. The government uses this information to check up on you to make sure you are trustworthy enough to have access to restricted information.
Well someone just hit the mother lode.
OPM is sending out email notifications for free credit monitoring. That is fine and well but the true scope of this has yet to be seen.
Whoever has the data could use it to compare lists of known personnel against unknown names. A General in the military can be presumed to have a clearance at the highest levels. However, once you clear out all the known personnel, you can find those who are hiding.
Using this data, they can compromise our intelligence agents, undercover law enforcement, and they can use the information to build their own undercover agents identities and allow them to waltz right past all the security designed to stop them.
It is estimated that over four million records were compromised. Small fry like those with a Secret clearance, which only allows for operational access would be low on the priority list for compromise unless something significant about them changed.
The more potent Top Secret compartmentalized clearance levels will tell you who has access to national security-level information.
The best-case scenario? Everyone will have to be vetted against the data to make sure we know who is who.
The middle case scenario? People start having identity theft issues and credit problems because of fake accounts set up using their real data.
The worst-case scenario? People start disappearing.