WASHINGTON: Millions of government employee records apparently stolen by Chinese hackers were not encrypted, and software designed to block known computer breaches has not been installed to protect most of the files, officials said Tuesday.
The latest disclosure came as officials continue to investigate two devastating hacks into the files of the Office of Personnel Management, the federal government’s human resources agency. The cyberattacks have exposed how vulnerable and outdated are many of the computer systems that the federal government uses to store details collected for job applications, security clearances and other needs.
Intelligence officials are concerned that Chinese intelligence services or others could use the sensitive information, which can include medical histories and other personal details, to blackmail or otherwise recruit spies in the U.S. government and to design carefully tailored emails to infect computers of federal workers with access to secret files.
Chinese officials deny being behind the incursion.
During a contentious congressional hearing about the massive digital theft of personnel files, lawmakers ripped into the officials in charge of securing the networks.
“You failed. You failed utterly and totally,” Rep. Jason Chaffetz, R-Utah, chairman of the House Oversight and Government Reform Committee, told the officials.
The agency’s inspector general had recommended last year that security on the databases be upgraded. Many electronic files that hold Social Security numbers, health carrier information and other details about the personal lives of officials and government contractors are so antiquated that federal computer experts are unable to encrypt the files at all, said Donna Seymour, the top technology officer for the Office of Personnel Management.