As we learned before, that breach was discovered in April, but we now know that it began in December. That means that the attackers -- the Chinese -- had a free-for-all with this personal data for four months. According to former NSA general counsel Stewart Baker, "This is some of the most sensitive non-classified information I could imagine the Chinese getting access to."
Office of Personnel Management
The data might be non-classified, but it's as sensitive as personal information could get. Making matters worse, it's now been discovered that the attackers had a lot of time to learn the ins and outs of the system it was infiltrating. Quite simply, China had access to security clearance data for nearly an entire year.
Think about that. For nearly an entire year, a foreign country managed to not only access sensitive data in government servers, but did so without any sort of detection. It wasn't until the government actually decided to increase its security that this breach was detected.
With such swiss-cheese security, I can't help but recall a story we reported on late last month, which highlights that the funding the IRS receives has shrunk so much, it's resulted in the decrease of security team members, and the continued use of archaic solutions.
Perhaps it's time the US should allocate some serious funds to improving its security? With China having got away with this, I can't help but wonder if other breaches are happening right now that have flown under the radar.