Why Are Government Hacks Often Bigger Than First Disclosed?

The Atlantic

Updated June 28, 2016 at 9:00 AM

Updated on June 28 at 12:00 p.m.

The U.S. government sure has been getting hacked a lot.

In July 2014, The New York Times reported that Chinese hackers broke into the servers of the Office of Personnel Management (OPM), the agency that functions as a kind of government-wide human-resources department.

More than a year later, in May 2015, the Internal Revenue Service announced that more than 100,000 taxpayer accounts at the IRS had been breached.

Both would have been bad by themselves. But since then, the number of people affected by both of those hacks have grown.

On June 5, 2015, the OPM announced it was hacked again. It said that “as many as 4 million people [had been] affected” in a different hack.
On June 22, 2015, the OPM hack grew. CNN reported that it ensnared “an estimated 18 million current, former, and prospective employees … more than four times the 4 million publicly acknowledged.”
On July 9, 2015, the OPM reported a third hack. “More than 21 million Social Security numbers” were accessed in that leak, we reported.“OPM said 1.1 million of the compromised files included fingerprints.”
On August 17, 2015, the IRS hack grew. “The total size of the breach [is estimated] at 330,000 accounts.”
On September 23, 2015, the OPM hack grew again. “The government now estimates that 5.6 million individuals had their fingerprints stolen,” we wrote.
On February 26, 2016, IRS hack grew again. “A total of about 724,000 individuals may have had their personal information stolen by hackers,” we reported.

And just this week, OPM updated its frequently-asked-questions page to clarify information about who was affected by its most recent pair of data breaches: current and former federal workers, job applicants who underwent background checks—as well as the families and close contacts of all those groups.*

All this confusion has important consequences. The fact that this is how major hacks seem to work—that they’re unknown or undisclosed for long periods of time, only for the news to arrive in a slow drip of dreadful reports—complicates the attempts of people to understand them or follow them. It also makes it hard for someone to know whether they’re personally affected or what that means.

The difficulty of pinning down even the most basic details of critical hacks—what was actually stolen, the number of people affected—is the result of an outdated but still prevalent way of thinking about cybersecurity. For a long time, organizations have defended private information by fortifying their networks’ ramparts and posting sentries on their virtual walls, hoping to ward off hacker attacks from the outside. But now, most online-security experts say that IT departments should assume their organizations will get hacked at one point or another. By more carefully scanning for suspicious activity inside their own networks, organizations could catch intruders who may have sneaked past their external defenses. The defenders could kick the intruders out and survey the damage quickly and accurately. Any victims would know right away that their information was compromised—and be able to trust that the initial assessment won’t balloon in the following months.

But this new approach to cybersecurity will take time to implement. So will this list be continued? We’ll find out.

* This article originally misstated that OPM announced this week that more people were affected by the 2015 data breaches at the agency than it had previously reported. We regret the error.

Read more from The Atlantic:

This article was originally published on The Atlantic.

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more
Miami Heat president Pat Riley rebuked comments Jimmy Butler made about the Boston Celtics and New York Knicks, while also implying that his star needs to play more.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Celebrity
Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.
Once named the “Most Likable Person in the World,” the actor is under fire in a new report, accused of showing up to work late on the film “Red One,” irritating the crew and causing the budget to balloon.
Yahoo Sports
Monday Leaderboard: Brooks Koepka is ready to slow the Scottie Scheffler train
A dominant LIV win and a heartbreaking PGA Tour loss headline this week's top golf stories
Yahoo Sports
2024 NBA offseason previews: Teams' needs, free agents, draft picks, cap space and more
The 2023-024 NBA season isn't yet over. A number of teams are still dreaming of championship glory. But for those that have been bounced from the playoffs, it's time to reassess and re-evaluate for next season.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Sports
Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype
Victor Wembanyama did everything for the Spurs as a rookie.
Yahoo Sports
Timberwolves' Rudy Gobert out for Game 2 vs. Nuggets due to birth of his child; Jamal Murray to play
Rudy Gobert may not play due to the birth of his first child.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Why Are Government Hacks Often Bigger Than First Disclosed?

Recommended Stories

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The FDIC change that leaves wealthy bank depositors with less protection

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Heat's Pat Riley unhappy with Jimmy Butler's remarks on Celtics and Knicks, implies he needs to play more

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

The best RBs for 2024 fantasy football according to our analysts

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

Dwayne Johnson is difficult to work with, report claims. The star has 'mountains of public goodwill' to offset negativity, expert says.

Monday Leaderboard: Brooks Koepka is ready to slow the Scottie Scheffler train

2024 NBA offseason previews: Teams' needs, free agents, draft picks, cap space and more

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Victor Wembanyama wins NBA Rookie of the Year via unanimous vote after delivering on unprecedented hype

Timberwolves' Rudy Gobert out for Game 2 vs. Nuggets due to birth of his child; Jamal Murray to play