It turns out the hackers, who are believed to be from China, also accessed so-called SF-86 forms, documents used for conducting background checks for worker security clearances. The forms can contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They can also include potentially sensitive information about the applicant’s interactions with foreign nationals—information that could be used against those nationals in their own country.
What’s more, in initial media stories about the breach, the Department of Homeland Security had touted the government’s EINSTEIN detection program, suggesting it was responsible for uncovering the hack. Nope, also wrong.