At least two lawmakers received have received notices that their personal data may now be in the hands of hackers believed to be working for China.
At least two lawmakers have received notifications from the Office of Personnel Management informing them that their personal data may have been stolen by foreign hackers, marking the latest expansion of a massive data breach that exposed the information of millions of current and former federal employees.
Sen. Susan Collins and Rep. Barbara Comstock received letters on Wednesday from OPM alerting them that their Social Security numbers, place of birth, addresses and other information could now be in the hands of hackers believed to be affiliated with China. It was not immediately clear how many other members of Congress could also be vulnerable, as both Collins and Comstock were federal employees before becoming elected officials, which may be the reason their data is implicated.
"You are receiving this notification because we have determined that the data compromised in this incident may have included your personal information," the letter, which Collins posted on Twitter, reads.
Comstock also confirmed late Wednesday that she had received similar notification.
"I and many of my constituents have already been sent letters alerting us to this breach of our personal information that has been 'compromised,'" Comstock wrote in a response to OPM seeking additional information about the hack. "As you know, these cyberthieves stole personal data such as Social Security numbers, as well as background investigations on federal employees, contractors, and applicants."
It appears unlikely that most members of Congress have also had personal data hacked, as both Collins and Comstock may only be affected due to their prior jobs in government. In normal practice, OPM would likely not hold information elected officials.
Collins, who serves on the Senate Intelligence Committee, was appointed to the Small Business Administration before she was elected to the upper chamber in 1996.
Jeff Marschner, Comstock's deputy chief of staff, said that the Virginia Republican was employed as a Hill staffer in the 1990s and also worked for the Justice Department under former President George W. Bush so "it could be either of the two employments" that led to her data being stored at OPM and subsequently accessed by hackers.
The realization that members of Congress are not immune to the OPM hack arrives on the heels of similar notifications sent out to House and Senate staffers late Tuesday that their personnel records, too, are among the millions believed compromised in the major intrusion, which investigators believe began last year and was first detected in April.
Earlier this month, OPM announced it believed approximately 4.2 million former and current federal employees had their personally identifiable information exposed in the hack. But the scope and scale of the cyberattack has grown since, and many lawmakers and cybersecurity experts now believe the amount of individuals affected could be far higher—perhaps totaling as much as 14 million. It was additionally revealed last week that deeply sensitive security-clearance information for military and intelligence personnel was also breached.
At least three members of Congress—House Oversight Chairman Jason Chaffetz and Democratic Reps. Ted Lieu and Jim Langevin—have called for the resignations of OPM Director Katherine Archuleta in addition to Donna Seymour, the agency's chief information officer. But despite the mounting pressure, the administration has signaled it has little interest in making heads roll.
"The president does have confidence that [Archuleta] is the right person for the job," White House press secretary Josh Earnest said Wednesday.