Now it’s Washington’s turn.
The U.S. government joined the likes of Sony, Target and JPMorgan this week in the unfortunate club of historic hacks.
U.S. investigators say four million former and current federal employees from nearly every government agency might have had their personal information stolen by Chinese hackers in what’s being described as the biggest breach of the government’s computer networks in history. The news follows recent revelations that Russian criminals stole the tax returns of more than 100,000 Americans from the Internal Revenue Service.
From email addresses to tax returns, the federal government collects massive amounts of personal information on Americans – data that citizens in some cases are required to hand over to comply with laws, obtain security clearance or receive benefits and jobs. After this week’s breaches, Washington will have to prove that it can keep data secure.
“The United States leads the world in identity theft, we lead the world in data breaches and the problem is getting worse,” said Marc Rotenberg, the president of the Electronic Privacy Information Center in Washington D.C. “There should be real consequences for federal agencies that cannot protect the data they collect.”
The Office of Personnel Management has urged potential victims to check their credit reports and monitor their financial transactions.
Americans are supposed to be covered by the 1974 Privacy Act, which protects the private data that the federal government collects but Rotenberg said the legislation has not been adequately enforced.
Gregory T. Nojeim, senior counsel and director of the Freedom, Security and Technology Project at the Center for Democracy and Technology called the Act, “a toothless tiger.”
With the advances in digital technology and more Americans using the Internet to access government services, the risk to consumer privacy has increased exponentially, Nojeim said. “It can’t be that taxpayers already angry about how much they are paying in taxes have to worry about their tax returns being stolen and made available to others.”
While consumers were able to file a class action lawsuit against Target resulting in a $10 million settlement in March, it is unlikely that similar actions will be taken against the federal government said Dr. Darren Hayes, the director of cyber security and an assistant professor at Pace University in New York.
“It’s very difficult for citizens to prove that the government or any other entity was negligent,” Hayes said. “There is no recourse really.”
Part of the problem is the fact that many government agencies use outdated hardware and software systems that make them more prone to hacks and data breaches, Hayes said. The federal government is also a prime target for countries like Russia and China that have sophisticated hacking operations meant to take down American infrastructure, Hayes said.
“I do sympathize with the government agencies and private sector companies who are trying to protect data,” he said, “But they are up against the threat of thousands of people dedicated to stealing this information.”