by sampsonjs 4349 days ago
The most uncomfortable thing on an SF-86 would probably be your past convictions, but it's unlikely you would get a TS in that case. After that, maybe the names of family members. It also would have your current address and foreign investments, but nothing extremely personal.
5 comments

From the comments:

> Not to sound like Chicken Little, but just looking at the information on my e-Qip form, there's a lot more in the database than the NYT reports. For starters, I'm not, nor have I ever been, a federal employee. So, the scope is actually anyone who has, or has applied for, a clearance. That means contractors too. The header of each of the 37 pages on my form has my Social Security Number. In the document you will find the SSNs for my ex-wife, son, and current girlfriend. Other tidbits include the Naturalization numbers for my mother, ex-wife, and girlfriend. Full names, and contact information for people who've known me at the places I've lived for the past ten years. Same for employers. Living in the DC Metro area, many of my references, both personal and professional, have clearances, so they each have the same form in the database. The only financial information asked for in the version I have had to do with accounts that were past due or in arrears, so the typical bank account, credit card, mortgage, and car loan stuff isn't in the form.

The SF-86 is a gold mine as a starting point for exploitation. It does not provide much useful blackmail material in itself, but all the contacts and life history information are very valuable for focusing further efforts if a person is chosen for exploitation. It also provides clues, particularly when combined with other open source material, as to who may have shit lying around that could be exploited. Remember, one purpose of this form is to allow OPM to do exactly the same thing, but from a defensive standpoint.
You are soft-pedaling this. There is much, much more on the SF-86 (http://www.opm.gov/forms/pdf_fill/sf86.pdf)

They have extensive sections on psychological health (e.g., have you seen anyone for a mental health issue in the last 7 years, if so who, and their contact information). There are extensive sections on criminal history and past employment, including reason for leaving, especially if it was Federal employment.

There are also sections on past friends, past addresses, and spouses and ex-spouses, and foreign contacts.

Furthermore, it's not just convictions, you also have to report being charged with any felony offense, even if not convicted. Also, drug and alcohol related history, and gambling. And repossessions, liens, etc.

The SF-85 is a less intrusive version of the SF-86. I think a typical contractor working on open projects would use a SF-85. But note, when you sign the SF-85, you allow the government to collect additional information from various sources (but not medical information). This compiled information would presumably be stored on the systems that were targeted in this hack.

I know people who resigned from their job rather than fill out the SF-85. Part of their reason was that something like this might happen.

It also has a huge amount of personal information that would be a gold mine for identity theft.

Let alone the security issues.

Right, that just occurred to me.
Worst possibility is folks' emails are now targets, and there's enough info to get past password reset questions.
It's both a target list, and a list of people who would be useful to impersonate in spear phishing attacks.

People open attachments and click URLs when they appear to come from TS cleared people.

No, the worst possibility is an undercover officer gets blown and ends up starring in the latest Al Qaeda "happy decapitation videos" series.
But let's not overestimate the probability of the worst scenario. And let's not take action based on that overweighted probability.
Depends if you're a non-avowed CIA officer in a dodgy part of the world or not.

I am sure the families of vilerat and the other "state" officers killed in Benghazi might have appreciated a bit more worst-case planning.