Two Major Data Breaches Affect More than 20 Million People

Author: Ashley Shaw, XpertHR Legal Editor

July 21, 2015

Major, recent breaches at the Office of Personnel Management (OPM) and UCLA Health serve as examples of why an employer should ensure to the best of its ability that it has taken adequate security measures to protect its customers' and employees' personal information.

In April, the US Office of Personnel Management (OPM) found a breach of its security that affected 4.2 million current and former federal government employees. The information affected included all of the following:

• Full name;
• Birthday;
• Home address; and
• Social Security Numbers.

However, in June, while investigating this breach, the OPM found another massive breach. This time, the background information for 21.5 million people had been compromised. This includes 19.7 million individuals that applied for a background check as an applicant or employee. The rest were comprised of non-applicants requesting a background check, such as spouses of applicants.

More recently, in July, the UCLA Health system discovered a month-long cyberattack on sensitive information in its system. The attack has potentially affected 4.5 million people.

While the hackers accessed systems containing personal information such as Social Security Numbers and medical records, UCLA Health states in a press release that there is no evidence at this time indicating that the hackers have acquired any personal or medical information.

The hospital system is working with the FBI and an outside security company in order to:

• Find the nature and scope of the breach;
• Learn who was behind the attack; and
• Create future security measures.

The hospital is also offering free identity-protection support to potentially affected individuals.

Data breaches have been occurring with alarming frequency in recent years. Similar breaches have occurred in recent years at Anthem, Sony, and New York-Presbyterian Hospital, among others.