While the number of stolen documents compromised in the massive U.S. government Office of Personnel Management hack that led the all sectors of the government begin compromised may remain a mystery, sources first indicated that the confidential information of nearly 4 millions federal employees was stolen, however new research indicates hackers actually accessed a second set of highly confidential information. The recent government breach may be one of the largest hacking incidents of all time.
To understand the scope of data hackers have access too, we first must look at Standard Form 86, a form which is to be completed by every person applying for National Security Position in the United States. On Friday, it was revealed that hackers gained access to all of the data on Standard Form 86 which was filled out by millions of former and current military and intelligence personnel. The U.S. government now believes the stolen information resides in the hands of the Chinese government.
According to Vocativ, the stolen data from the massive government OPM breach may be worth a whopping $140 million in underground darknet markets, strictly due to the contents the information may provide. They even reported that stolen data from the OPM hack has already began to surface on some of the largest dark net markets.
Reports show the dark net marketplaces listing the OPM hacked data for sale includes Agora, Alpha Bay and Nucleus. Depending on the contents of the hacked data, sets are being sold anywhere from 50 cents to $10 per each data set.
Throughout different markets, the hackers are selling the sets in bundles of several thousands as low as 50 cents while other sets contain a single personal file worth $10 apiece.
A typical data set from the stolen information includes a government worker’s Social Security numbers, street address, phone numbers, gender, data of birth, race, marital status and ethnicity. All of the listed information is a goldmine for fraudsters wishing to commit financial or identity fraud.
The second database in which hackers are believed to have broken into was the Central Personnel Data File, which contains records with Social Security numbers and home addresses of former and current personnel.
Reports also indicate that a number of sellers on these marketplaces use the phrase “updated 4.22” in their sales to indicate that the breach affected 4.2 million government workers. However, other sellers marked their batches as “new DB added,” referring to a new database. It’s currently unclear what the new DB refers to.
A congressional official with insider knowledge on the investigation into the massive government breach said the number of government workers that have been affected by the breach is likely closer to 14 million rather than their initial 4.2 million diagnosis. Calculating the amount of stolen information yields a whopping $140 million for the hacked OPM data.
However, other officials close to the investigation told Politico the $140 million estimate is lavish. “I don’t know who could arrive at that number,” one union official added.
Regardless, government employees information stolen in the OPM breach has already cone up for sale on underground markets, marking one of the largest and most severe hacks of all time.