On June 4, 2015, four million current and former federal employees were informed that China-based hackers were suspected of gaining access to and compromising their personally identifiable information (PII) via a breach of government computer networks. The scope of the attack has allowed it to be described as one of the largest governmental data thefts.
What actions have been taken since the attack?
Directly after the attack, the administration decided to expand the National Security Agency’s internet traffic surveillance, especially in regards to international hackers. The FBI is currently investigating the attack by looking into the threats posed to the public and private sectors. The Office of Personnel Management (OPM) reported that federal employees will be appropriately notified and given access to credit reports, credit monitoring, identity theft insurance, and recovery services. The OPM is responsible for collecting and processing security clearance forms, which were accessed in the breach. It is possible that the hackers have access to the personal and professional references of the victims. Because of the breadth of the data held by the OPM, the agency is telling individuals to monitor and report unusual activities.
Why have the culprits not been prosecuted?
American officials claim that the hackers have links to the Chinese government, which complicates prosecution and leads to limited solutions. Officials speculate that the attack on federal employee records is part of a larger scheme to gain access to healthcare records and contractor information. Because cyberattacks conducted from other countries are even harder to track, there has been controversy over the speculated blame. A spokesman for the Chinese Embassy has dubbed the accusations irresponsible and has expressed that China’s laws prohibit cybercrimes. On April 1, 2015, President Obama, via an executive order, responded to another unidentified attack on computer networks with a sanctions program against foreign individuals. Since then, there has been focus on new surveillance measures and building a stronger security infrastructure.
How does this affect the American public?
Concern for the cyberattacks is especially heightened because of the targeting of governmental data. The U.S. government is thought to possess state-of-the-art technologies for protection against cybersecurity attacks. With all of the expenditure towards cybersecurity, and the recent breaches, the average American is bound to feel a lack of trust. In May 2011, the White House commissioned the International Strategy for Cyberspace report, stating that the United States has the right to “self defense that may be triggered by certain aggressive acts in cyberspace that is consistent with the United Nations Charter.” However, cyberspace remains a new arena and it is challenging to prosecute international cyberattackers. Although, current and former federal employees were the targets of the attack, the information obtained could lead access to other people’s information. The OPM will notify the victims, but it is difficult to trace them if the information leads to individuals who are not federal employees. As such, it may result in the rise of civil lawsuits related to cybersecurity and identity theft.
At our law firm, we assist clients in legal issues related to cybersecurity breaches and data protection. You may contact us in order to set up an initial consultation.