In the James Bond movie Skyfall, 007 is trying to save the world, or MI6, by going after the hacker who broke into its network. We see a recurring theme in Mission: Impossible, when Ethan Hunt goes after the NOC list that names every agent. These are the great stories that spy movies are based on: get the info and then you can get the guy!
Well, the news that the Chinese hacked into OPM data and stole millions of personnel records gets more and more interesting. Business Insider is reporting that SF86 forms were also compromised. This government “Standard Form” is an exhaustive examination of the life of anyone applying for a government security clearance. The details collected include financial records (with gambling addictions and any outstanding debt), drug use, alcoholism, arrests, psychological and emotional health, foreign travel, foreign contacts, neighbors, and an extensive list of all relatives. What is attached to these documents as backup could be more concerning: the details that your neighbor Jim shared with the OPM investigator about your personal life, your overwhelming parties, or your lavish lifestyle. This data breach includes very high-value data. For years, movies have shown this kind of demographic data being used to gain leverage on a potential “agent”. Mix this personal data together with the suspected government-sponsored hacks of health care PHI (personal health information), and you have quite the demographic database on US citizens for attempting to recruit agents. Big Data is certainly under a Big Attack.
Once these state-sponsored attack approaches reach second- and third-tier criminals, more data could be at risk. This certainly starts to affect mainstream corporations, both large and small. Most organizations are constantly reviewing their security policies, data retention, and infrastructure, and now probably even more so.
While these cyber breaches collecting Big Data on US citizens have very little application for most of corporate America, there are certain things to keep watch over. These recent breaches have certainly caught large enterprises off guard and exposed major security flaws. Financial services have been secured for many years, but now the focus has shifted beyond money to personal and demographic data that can be webbed together and used for intelligence gains. Class action lawsuits are certain to follow, and that litigation will certainly set some legal precedents and/or prompt changes to cyber security laws as a reaction. With both risks in play, it is certainly worth staying abreast of policies and products to protect not only your own operational security but also your business's. These very public security breaches certainly should put companies on notice to review their own security, policies, and internal testing to ensure it's all secure.