The only secrets the US government keeps are the ones it keeps from its citizens

The only thing more incredible than this story of the Great Hack itself is how little impression it has made on the American population. Indeed on anyone. The quietest big news story I have ever seen. This is from James Taranto at the Washington Post: Hacking Government Apart:

The scandal at the U.S. Office of Personnel Management just keeps getting worse. In his Monday column, Gordon Crovitz summed up what was known at the time about the “unprecedented hacking by China of confidential databases” at OPM:

In one incident, hackers obtained the records of more than four million federal employees, which include listings of “close or continuous contacts.” That tells Beijing which of its citizens are in contact with American officials.

Another hacking incident affected many millions more—apparently nearly everyone who has applied for a security clearance. The hacked data include a 127-page background form with personal details such as mental-health conditions, police records, drug use and bankruptcy. Chinese intelligence could use this information to blackmail federal employees. The form also includes details on “people who know you well,” enabling China to piece together networks of people, including Chinese citizens, linked to federal employees.

There are other dangers as well. The Chinese government may not have exclusive access to the data, which include Social Security numbers; Pierluigi Paganini reports at the website SecurityAffairs.co that he has “personally found” them offered for sale on “a popular black market” that is part of the so-called dark web.

And the breadth of the population affected by the hacking continues to grow. “The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.” But the Hill reports today that “members of Congress have started receiving notices that their information was likely stolen”:

The OPM doesn’t manage Capitol Hill staffers’ personnel files, but retirement records are forwarded to the agency when they leave the Hill.

Additionally, any Hill staffer who previously worked for another federal agency has been exposed, according to emails sent Tuesday night to House and Senate workers.

“It now appears likely that the service records of current House employees employed previously by ANY federal government entity (including the House, if an individual left the House and later returned to a House position) may have been compromised,” said an email from House Chief Administrative Officer Ed Cassidy.

Would you like some more? This is from the testimony that is bringing all of this to light explaining the way in which things had developed:

Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?’”

And as Taranto adds at this point: “In case you’re unfamiliar with the terminology: ‘Social engineering’ in this context refers to tricking people into revealing passwords or otherwise violating security protocols; and ‘root’ means access to an entire system.” This is stunning, absolutely stunning.
