Hacked OPM data hasn't been shared or sold, top spy-catcher says

Register now

(Bloomberg) -- Stolen data on 21 million individuals, including Social Security numbers and 5.6 million fingerprints, from a massive 2015 hack against the Office of Personnel Management doesn’t appear to have been shared or sold by the perpetrators, said William Evanina, the head of U.S. counterintelligence.

“Whoever took this data, we’re pretty confident they haven’t shared it,” Evanina, whose title is Director of the National Counterintelligence and Security Center, said in an interview Thursday in Washington. “It wasn’t a black-market thing, and we don’t think you’re going to see people’s Social Security numbers or credit-card numbers out there.”

The prospect that another country has the information and is holding it closely, Evanina said, is better than the alternative: rogue hackers looking to profit from the theft by selling the information to the highest bidder.

“The longer we go where someone’s credit card or Social Security numbers or viable information like that isn’t used to put people in a risk financially, the more comfortable we are that a foreign government did take it and, from an intelligence perspective, I know they’ll keep it close hold,” using the data in a more targeted fashion, Evanina said.

Cybersecurity experts believe the attack was carried out by China, though Evanina said the U.S. hasn’t reached that conclusion.

Evanina said he wasn’t downplaying the damage done by the OPM hack: In addition to sensitive personal information, the breach also exposed people who were screened for U.S. government security clearances and may have worked as intelligence agents overseas.

At the time, the OPM hack was one of the largest hacks in the U.S. It has since fallen in those rankings. Earlier this month, credit-reporting company Equifax Inc. said personal data on 143 million people was stolen.

Bloomberg News