As many as 14 million past and current federal employees have fallen victim to the recent cyberattack incident, prompting a measure from U.S. Rep. Joe Wilson, R-S.C., that asks the federal government to conduct a study on cyberattack standards of measurement.
The latest estimates state anywhere from 9 million to 14 million records of Americans were compromised dating back to the 1980s. With only 4.2 million current federal employees, the attack mainly compromised former workers. The total number of victims is significantly higher than the 4 million estimate from last week.
On Tuesday, Wilson introduced the Cyberattack Standards Study Act. The bill, if passed, would direct National Intelligence, Homeland Security, the FBI and the Department of Defense to conduct a study to define a method for quantifying a cyber incident to determine an appropriate response.
Overall, cyberattackers walked away with personnel data and Social Security numbers for all the federal workers from a central personnel database, according to The Associated Press.
The hackers stole military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance and pension information, and age, gender and race data, according to the American Federation of Government Employees.
J. David Cox, president of the group, said in a letter Thursday to Katherine Archuleta, director of the Office of Personnel Management, that "we believe that the Central Personnel Data File was the targeted database."
"... The hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees," Cox said.
Wilson said his hope is to build a comprehensive cyber defense system, stating that "cyber is a new domain of warfare."
"These cyberattacks are a sober reminder that Congress, and all government agencies, need to work together to better protect public and private networks," Wilson said. "The complicated nature of cyber defense means we need a clear standard of measurement for assessing the damage of attacks to our citizens and affected systems."
No word on SRS, local impact
Locally, Savannah River Site employees and other groups may also have been impacted by the cyberattack.
The Aiken Standard reached out to DOE headquarters for comment, but did not receive a response before deadline.
A letter written last week by DOE Secretary Ernest Moniz states that the management office will offer affected individuals credit monitoring services and identity theft insurance through CSID, a company that specializes in identity-theft protection and fraud resolution.
The 18-month membership includes credit report access, credit monitoring, identity theft insurance and recovery services and is available immediately at no cost to affected individuals identified, Moniz said.
Employees whose information was affected will receive a notification directly from CSID.
"This incident reminds us all of the seriousness of the cyber threats we face and the importance of vigilance in protecting our systems and data," Moniz said.
The Associated Press contributed to this story
Derrek Asberry is the SRS beat reporter for the Aiken Standard and has been with the paper since June 2013. He is originally from Vidalia, Ga., and a graduate of Georgia Southern University. Follow him on Twitter @DerrekAsberry.