Tim Maurer , the director of the Global Cybersecurity Norms and Resilience Project at the New America Foundation, says that in addition to blackmail and contact tracing, the OPM data breach poses other serious cyber-risks as well.
For example, Maurer said information contained in the OPM files could be used to construct very detailed profiles of individuals working in key positions in the federal government. That profile, in turn, could be used to construct sophisticated spear-phishing attacks on those individuals, earning their trust only to steal more information or download malware.
“If it turns out this was a state actor, you could easily see how they could use this [data] for intelligence purposes,” Maurer said. “If we’re talking about spear-phishing attacks, these could also be used to steal even more data down the road that’s confidential.”