The ongoing saga of the largest governmental data breach in US history took a turn for the worse in late July 2015 when investigators linked the incident to two more major cyberattacks. According to a report from the Bloomberg news outlet, the hackers behind the OPM breach have also stolen documents from both the US’s second-largest health insurer and one of the country’s major airlines.
The OPM Data Breach
The story begins with the data breach at the US Office of Personnel Management (OPM) that was announced in June 2015. The federal agency, which is in charge of handling background checks on people applying for government jobs, has an unparalleled amount of sensitive and highly personal information.
Authorities initially announced that the breach affected approximately 4 million current and former workers in the federal government. A few weeks later, the number of potential victims had swelled to over 21 million, and included applicants for positions as well as current and former employees.
Several media outlets and politicians blamed Chinese hackers for the attack, and claimed that the reason for the theft was to create a massive database of government employees’ information. The hackers could then use this information to blackmail federal workers, recruit operatives for insider attacks, and expose Americans working on clandestine projects.
China denied the allegations, with the government’s official press agency decrying the charges as “obviously another case of Washington’s habitual slander against Beijing on cybersecurity.” Notably, the White House has decided not to make any formal accusations against anyone regarding the attack.
The United Airlines Theft
The consequences of the OPM cyberattack became much worse after Bloomberg reported that the same hackers also broke into United Airlines’ computer system in May or June of 2015. The attackers reportedly stole a huge cache of files relating to millions of Americans, including information about flights’ passengers, origins, and destinations.
The hackers behind these attacks could cross-reference the information from the two breached databases in order to refine their list of targets and track the movements of key US personnel. The second attack is especially significant because United Airlines is the main airline out of the Washington Dulles International Airport, the closest airport to the US Central Intelligence Agency’s (CIA) headquarters in Langley, Virginia.
The Anthem Attack
The team of investigators also said that this same group of hackers was behind the data breach at Anthem, Inc. The health insurer announced in February 2015 that attackers had broken into the company’s computer system and potentially stolen the records of over 78 million people. Those records contained personally identifiable information (PII) such as names, birthdates, Social Security numbers, email addresses, physical addresses, and Anthem employees’ income and employment data.
In a standard criminal context, this information could be used to commit fraud and identity theft. However, in this situation, the information only adds to the hackers’ ability to build in-depth profiles of the Americans they are hoping to exploit, blackmail, or target.
In a July 2015 report, the data security firm Symantec attributed the Anthem attack to a cyberespionage group dubbed Black Vine. The document noted that Black Vine was targeting several sectors of the economy, including the aerospace, energy, defense, technology, finance, and healthcare industries.
Although other investigators have linked the Anthem and OPM data breaches, the Symantec white paper only mentions the former incident. However, the report did state that the company believed Black Vine was working with several cyberespionage actors and that it may have ties to a China-based IT security organization known as Topsec.
Learning from These Incidents
These attacks highlight the need to get serious about cybersecurity. Businesses of all sizes need to prepare both their employees and their computer systems for possible cyberattacks. This means training staff members to recognize hacking techniques like phishing, in which hackers disguise their attacks by hiding them in messages that appear to be sent from legitimate organizations. Companies also need cybersecurity tools like anti-virus, anti-malware, and firewall applications. However, these tools are not enough on their own. It is important to partner with data security service providers that offer advanced, multifaceted mechanisms for defending information, detecting threats, and solving problems as they arise. Contact the Total Cover IT Team to find out more about developing a cybersecurity strategy for your business.