James Comey, FBI chief, says his own info was hacked in OPM breach; it was ‘enormous’

The White House is expected to announce that the cyberhack into the Office of Personnel Management allowed a government adversary to obtain data on “millions and millions” of government background records, some that date back to two decades, Federal Bureau of Investigation Director James Comey told lawmakers Wednesday.

That adversary, likely Chinese hackers, were also able to gather a “huge amount of data” during the “enormous breach,” Mr. Comey said during a U.S. Senate Select Committee on Intelligence hearing. OPM has said 18 million or more Social Security numbers may have been exposed.

The data breach uncovered the information from everyone who applied for federal employment using a Standard Form 86, known as an SF-86, over the span of two decades — including Mr. Comey’s SF-86 forms that detail answers to questions such as bankruptcy, drug use and exposure to foreigners.

“I’m sure the adversary has my SF-86 now,” Mr. Comey said. “My SF-86 lists every place I’ve ever lived since I was 18, every foreign travel I’ve ever taken, all of my family, their addresses. So it’s not just my identity that’s affected. I’ve got siblings. I’ve got five kids. All of that is in there.”

That extensive SF-86 delves into the personal records, relationships and foreign exchanges that a government employee has made over the course of his or her life. So the numbers of cyberhack victims are expected to “quickly grow far beyond the number of federal employees, which is millions,” Mr. Comey said.

“It is a huge deal,” he said.

Since the data breach became public, several senior White House officials “have been in touch” with OPM Director Katherine Archuleta and other top managers, said White House Press Secretary Josh Earnest.

OPM personnel are now in the process of instituting additional network security precautions, which include restricting remote access for network administrators and restricting network administration functions remotely. Those precautions include deploying anti-malware across to protect and prevent the deployment or execution of tools that could compromise the network, according to the statement.

Obama administration officials became aware of the stealthy data breach in April and immediately launched an investigation into the breach along with the FBI and Department of Homeland Security. By May, administration officials had realized that an adversary of the U.S. government had obtained the background records of about 4 million federal employees.