One of the top news stories last week was an announcement by the U.S. Office of Personnel Management (OPM) that its computer systems had been hacked by China. In case you missed it, the revelation contained some sobering news for security clearance holders: you were most likely the intended targets.

The fact that foreign governments routinely attempt to hack into U.S. government computer systems is old news. Cyber espionage has been around almost since the dawn of the internet. What is new, however, is the increasingly aggressive nature with which foreign intelligence services are targeting the personal information of security clearance holders. They’re now after not just classified information but also the people who have access to it.

How PII is used for espionage

Interestingly, U.S. intelligence experts have also recently pointed the finger at China for massive (and successful) hacking attacks on U.S. companies, like healthcare provider Anthem. In the Anthem case (which occurred just a few months ago), the medical records of nearly 80 million people were stolen. The breath-taking nature of the data compromise aside, one has to ask why a government like China would care about U.S. citizens’ medical records? Some analysts believe that the information’s real value is in helping China build a database of U.S. citizens – specifically, security clearance holders – to determine who may have exploitable weaknesses for espionage purposes. The process hypothetically works something like this:


Obtain list of U.S. security clearance holders and military personnel.


Cross-reference those individuals with medical records and other records (e.g. banking records) obtained by hacking.


Determine who has vulnerabilities that might make them betray their country. A prized find might be someone who, for example, is living beyond their means or who has a medical condition that is draining their life’s savings.

On a related note, both I and editor Lindy Kyzer have previously warned about the risks “people search” and other social engineering websites pose to security clearance holders. The outrageously invasive information available on these websites could allow a foreign intelligence agency to take their targeting even one step further – a process known as “social engineering.” It isn’t a difficult logic leap.

Your personal information = a valuable commodity

The lesson in all of this is that your personal information is a valuable commodity. Be cautious of what you post online. Be an informed consumer when it comes to the data privacy practices of companies with whom you do business. And remember: a little paranoia is a healthy thing.


This article is intended as general information only and should not be construed as legal advice. Consult an attorney regarding your specific situation. 

Related News

Sean M. Bigley retired from the practice of law in 2023, after a decade representing clients in the security clearance process. He was previously an investigator for the Defense Counterintelligence and Security Agency (then-U.S. Office of Personnel Management) and served from 2020-2024 as a presidentially-appointed member of the National Security Education Board. For security clearance assistance, readers may wish to consider Attorney John Berry, who is available to advise and represent clients in all phases of the security clearance process, including pre-application counseling, denials, revocations, and appeals. Mr. Berry can be found at