Life Health Life Insurance

Chinese hackers steal 4M federal personnel records: Here's what the breach means for insurance

June 05, 2015 at 08:35 AM
Share & Print

The latest high profile cyber attack involves over 4 million records of former and current government workers.

The U.S Office of Personnel Management said Thursday that it recently became aware of an incident where the records had been breached, including names, addresses, birthdates and social security numbers. From June 8 through June 19, OPM will be sending e-mails to the individuals whose personally identifiable information was compromised. The office says e-mails will come from [email protected] and will contain information about credit monitoring and identity theft protection services available to those affected by the breach.

According to its website, OPM is offering credit monitoring services and identity theft insurance with CSID, a firm that specializes in identity theft protection and fraud resolution. Individuals will receive, at no cost, a comprehensive, 18-month membership that includes credit report access, credit monitoring, identity theft insurance and recovery services.

OPM battles 2.5B attacks each month

OPM said it receives approximately 2.5 billion attacks in an average month. According to the FBI, Chinese hackers are believed to be behind this latest attack, which follows an attack by North Korea on Sony, and Russian attacks on the White House, State Department and the IRS. In February, health insurer Anthem revealed that close to 80 million of its records had been hacked. 

The information stolen can be used to create new identities or at the very least apply for credit cards and other forms of credit such as opening bank accounts. Winton Krone, managing director ofKivu, a national technology firm specializing in the forensic response to data breaches and proactive IT security compliance, says "the government should act to make social security numbers, a government creation, less valuable to cyber thieves by mandating multi-factor authentication in credit applications and IRS transactions."

Risk to classified and sensitive info

Anthony Roman, founder and CEO of Roman & Associates, Inc., who has 37 years of insurance, criminal, corporate, fraud investigation and counter-terror strategy experience, believes the hack involved "what is referred to as a 'zero day' malware attack. This name refers to software known as malware (hacking software). It is used to exploit a legitimate software's newly identified vulnerability for which a "patch" (repair) is being developed. Most repairs or patches are quickly developed. But, the malware is launched before the patch is developed, that's why it's called 'zero day.' It may take a day to develop the patch."

While there is no difference between a cyber attack on a government entity and a corporate attack, Roman says that any classified or sensitive information affected could pose risks to "the military, our national defense, banking, private industry, every segment of our economy. Billions are lost, and our defenses are weakened."

Virus spreads 'like a cancer'

Roman explains that "the data stolen during the zero day breach of government computers can be used to hack other government agencies, as the latest news reports suggest." An added danger is that "personal information can be used to mimic e-mails of a legitimate U.S. employee. The Chinese embed this e-mail with new malware and if the links are opened, they will effectively hack the new agency. The virus spreads like a cancer."

OPM recommends that individuals affected:

  • Monitor financial account statements and report any suspicious activity to financial institutions;
  • Request a free credit report from one of the three credit bureaus;
  • Consider placing a fraud alert on their credit file;
  • Be suspicious of any unsolicited phone calls, visits or e-mails from individuals asking about "you, your employees, your colleagues or any other internal information;"
  • Not reveal any sensitive information over the phone or via e-mail;
  • Install and update anti-virus software, firewalls and e-mail filters on their computers; and
  • Take steps to monitor any personally identifiable information and report any unusual activity to the FBI's Internet Crime Complaint Center (www.ic3.gov).

The Federal Trade Commission also has more information on cyber protection atwww.identitytheft.gov

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Berthel Fisher Names Recruiting Leader Fight Over House Anti-Shutdown Bill Affects Medicare Provisions Draft Bill Attacks Wealthy Families' Private Placement Life Policies 3 Ways to Give Better Advice by Understanding Behavior Death and Retirement Tax Changes Could Add $723B in Revenue Over 10 Years: CBO 7 New Findings on How Millennials, Gen Xers Want to Transfer Wealth

Resource Center

7 Ways to Take Your Practice to the Next Level link

White Paper

7 Ways to Take Your Practice to the Next Level

The Innovative RIA: Why Automation Is The Key To Sustainable Growth link

eBook

The Innovative RIA: Why Automation Is The Key To Sustainable Growth

What's Missing From Passive Municipal Bond ETFs? link

White Paper

What's Missing From Passive Municipal Bond ETFs?