The US Office of Personnel Management (OPM) has been breached, and the personally identifiable information (PII) of some four million current and former government workers compromised. OPM noticed the intrusion in April; it seems to have begun this past December. The FBI is investigating, and various Administration officials are saying on background that China is responsible. This is the second time in a little less than a year that OPM has reported a breach. The last incident, in July, saw attackers prospecting PII associated with people who'd applied for security clearances.
We've heard a lot from the FBI recently (at Georgetown Law, the Billington Corporate Cyber Security Summit, and the DC Metro Cyber Security Summit) about its efforts to impose costs on hackers, including hackers working for nation states, and it will be interesting to watch the Bureau's investigation unfold.
Chinese complaints about "OceanLotus" and "Unicorn Nocturne" hacking seem retrospectively like anticipatory tu quoque (shade thrown in a generally American direction).
That PII are valuable in espionage is unsurprising — the alleged Russian incursion into US IRS online services offers another example. Organizations that hold PII should understand that they're targets.
Social media also yield valuable information to reconnaissance. A US Air Force general says an ISIS "moron's" selfie enabled targeting and destruction of an ISIS C2 center. (The general's crowing, alas, may help ISIS up its OPSEC game. On the other hand there's no shortage of "morons" on social media.) Ukrainian bloggers track Russian ops similarly revealed in social media.