A week after the government disclosed a massive hacking breach on government computer systems containing sensitive information on federal employees, the head of the country’s biggest union representing some of those workers shed some new light on what kind of information was compromised.
David Cox, president of the American Federation of Federal Employees, in a letter to Katherine Archuleta, director of the Office of Personnel and Management, wrote that the hackers appear to have made off with information on every single active non-military federal employee, former employee and every retiree who used to work for a federal agency.
The letter says the attack has “every person’s Social Security Number, military records, veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information.”
It goes on to say the organization believes that the Social Security numbers in particular were not encrypted, calling that a “cyber security failure that is absolutely indefensible and outrageous.” The attack breached the government’s Central Personnel Data File, Cox writes in the letter.
The FBI announced that it was investigating the attack on the OPM on June 4. Initial estimates said that information on more than four million people was involved.
The FBI hasn’t said who might be responsible, but Nevada Sen. Harry Reid, who is among a group of lawmakers that gets briefed on intelligence information, has publicly attributed the attack to “the Chinese,” without elaborating if he meant that country’s government or hackers acting alone within its borders.
The OPM hasn’t commented on the scale of the information, saying that the incident remains the subject of an active criminal investigation. A spokesman for the agency didn’t immediately return a message left outside of business hours.
In the letter, Cox, whose organization represents 670,000 federal workers, called for the government to provide employees with lifetime credit monitoring services, instead of the 18 months of monitoring they have been offered, and liability insurance to cover costs stemming from the breach. He also criticized OPM for outsourcing the response to address concerns of federal employees to a contractor.
Here’s the letter.
This article originally appeared on Recode.net.