WASHINGTON—NCUA says that, currently, the U.S. Office of Personnel Management (OPM) has not informed the the agency that NCUA employee records and files are involved in the massive computer hack of the federal government.
Chinese hackers are suspected of being behind the data breach at the OPM, which essentially functions as the federal government’s human resources department. The attack may have compromised the personal data of some four-million current and former federal employees.
“At this point, we have no information that NCUA employees are affected,” said spokesperson John Fairbanks. “We have shared information on the breach provided by the Office of Personnel Management with our employees.”
Declining to comment on whether NCUA has been targeted by cyber-crooks, or if the agency has taken steps to bolster its cyber defenses, Fairbanks acknowledged that NCUA knows it is not immune from cyber-criminals.
“Cyberattacks are now a fact of life, and cybersecurity is an ongoing priority for the agency,” said Fairbanks. “We are continually assessing potential threats and the effectiveness of our cybersecurity program to protect NCUA, our employees and credit unions’ data.
Biggest Government Hack
Thought to be among the largest known thefts of government data in history, cyber-thieves reportedly stole credit card data, banking records, and other forms of financial information from the OPM, affecting people across the spectrum of the federal government—data that can be used to facilitate identity theft or fraud.
Many of the victims are likely members of credit unions that serve federal agencies.
The OPM reported that last year it had updated its cybersecurity defenses, adding numerous tools and capabilities to its networks, which the OPM stated made the agency aware of the incident in April.
The agency is restricting the number of federal employees who can access government networks remotely and deploying new anti-malware software.
Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team and the FBI to determine the impact to federal personnel, the OPM stated on its website. OPM said it has immediately implemented additional security measures to protect the sensitive information it manages.
OPM said that beginning June 8 and continuing through June 19, it will be sending notifications to approximately four-million individuals whose personal information was potentially compromised in the incident, offering free credit monitoring and identity theft protection services.
China Denies Responsibility
Fox News reported that China is denying responsibility for the hack. A spokesman for the Chinese Embassy in Washington called the accusations "not responsible and counterproductive," the news outlet reported.
The OPM breach follows last week’s hack of the IRS, where crooks obtained prior-year tax-return data for more than 100,000 households from an agency website.
And earlier this year health insurer Anthem reported that hackers gained access to personal information on as many as 80 million customers. Last year Home Depot reported that 56 million cards might were compromised in a five-month attack on its payment terminals.
NAFCU, which has been pressing Washington to pass legislation to impose stronger cyber security standards for retailers and all companies that handle sensitive personal data, emphasized the growth of the large breaches.
"Cybersecurity is everyone's concern and this is another example how disruptive and dangerous it is,” said President and CEO Dan Berger. “Unfortunately these attacks are quickly becoming the new normal, whether from financial criminals or state-sponsored."