CBSN

Union: Hackers stole data on every federal worker

Last Updated Jun 12, 2015 11:21 AM EDT

WASHINGTON -- Hackers stole personnel data and Social Security numbers for every federal employee, a government worker union said Thursday, charging that the cyberattack on U.S. employee data is far worse than the Obama administration has acknowledged.

CBS News Homeland Security Correspondent Jeff Pegues reports that the investigation into the cyber attack on the Office of Personnel Management is far from over. Investigators are still "assessing the scope of the damage," the source said.

A federal law enforcement source says the number of people affected could reach 14 million. Investigators are still looking at what the exposure is, but they do not believe the hack is still ongoing. Law enforcement sources confirm the personal data of some FBI and CIA employees was exposed in the cyber attack as well. Investigators are still trying to assess the purpose of the attack but believe it is not financial.

Sen. Harry Reid, the Democratic leader, said on the Senate floor that the December hack into Office of Personnel Management data was carried out by "the Chinese." Reid is one of eight lawmakers who is briefed on the most secret intelligence information. U.S. officials have declined to publicly blame China, which has denied involvement.

J. David Cox, president of the American Federal of Government Employees, said in a letter to OPM director Katherine Archuleta that based on OPM's internal briefings, the hackers stole military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race data.

The letter was obtained by The Associated Press and then confirmed by CBS News.

The union said it is basing its assessment on internal OPM briefings. The agency has sought to downplay the damage, saying that only limited personally identifying information was breached.

"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," the letter said.

"Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees."