OVERNIGHT CYBERSECURITY: Up to 14 million exposed in federal hack

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--KA-BOOM: The massive hack of federal government data may have compromised the personal information on 9 million to 14 million people, far more than was initially believed. Multiple sources on Capitol Hill, within the federal workforce and around Washington have estimated that the final tally of people affected by the hack could easily eclipse the 4 million reported by the Obama administration. Already, the theft of data from the Office of Personnel Management (OPM) is the largest data breach ever at the federal government. With an increase in the scope of the attack -- which officials, speaking privately, have traced back to China -- the Obama administration's response will face further scrutiny and more questions about the state of the nation's digital security. To read our full piece, click here.

--YOU AIN'T GOIN' NOWHERE: Senate Democrats on Thursday blocked Republicans from linking a cybersecurity amendment to a defense bill. The upper chamber fell four votes shy of the 60 votes needed to move forward with attaching the anti-hacking measure to the National Defense Authorization Act (NDAA). While six Democrats broke with the party line to support limiting debate, three Republicans joined the Democrats in opposition. Senate Armed Services Committee Chairman John McCainJohn Sidney McCainLawmakers toast Greta Van Susteren's new show Meghan McCain: It's 'breaking my heart' Warren is leading Biden in the polls The Hill's 12:30 Report: Video depicting Trump killing media, critics draws backlash MORE (R-Ariz.) withdrew the amendment after the vote, making the path forward for the amendment unclear. While the cyber measure itself, known as the Cybersecurity Information Sharing Act (CISA), isn't controversial, the maneuver to attach it to the NDAA irked Democrats. Democrats want the chance to offer privacy-enhancing amendments to CISA, which they would not be able to do if the language became an NDAA add-on. To read our full piece, click here. To read about Senate Majority Whip John CornynJohn CornynSuccession at DHS up in the air as Trump set to nominate new head Trying to kick tobacco again This week: Congress returns to chaotic Washington MORE (R-Texas) berating the Democrats after the vote, click here.

--RAND WATCH: Sen. Rand PaulRandal (Rand) Howard PaulCheney unveils Turkey sanctions legislation CNN catches heat for asking candidates about Ellen, Bush friendship at debate Overnight Defense — Presented by Boeing — Trump isolated amid Syria furor | Pompeo, Pence to visit Turkey in push for ceasefire | Turkish troops advance in Syria | Graham throws support behind Trump's sanctions MORE (R-Ky.), who boosted the profile of his presidential campaign by breaking with Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellPatient advocates launch drug pricing ad campaign Overnight Defense — Presented by Boeing — House passes resolution rebuking Trump over Syria | Sparks fly at White House meeting on Syria | Dems say Trump called Pelosi a 'third-rate politician' | Trump, Graham trade jabs War of words at the White House MORE (R-Ky.) during the recent fight over surveillance reform, sided with the Democrats in voting to block the amendment.



--AND SO WE BEAT ON: House lawmakers voted to further rein in the nation's spies on Thursday, in a signal that legislators aren't yet done reforming surveillance law.

A bipartisan amendment to add new limits to the National Security Agency (NSA) passed 255-174, slightly more than a week after President Obama signed legislation ending the agency's bulk collection of Americans' phone records.

While the move appears largely symbolic, given the overwhelming opposition to further spy reforms from leadership in the Senate, it nonetheless makes clear that a significant bloc of lawmakers aren't settling with that first batch of reforms, called the USA Freedom Act. To read our full piece, click here.



--YOU WOULD, TOO. A 23-year-old Virginia man, upon discovering he had been robbed of about 300 "Magic: The Gathering" playing cards worth roughly $8,000:

"I went in the house, cracked open a beer, had a few sips and promptly started screaming expletives as I waited for the police to arrive," he told The Washington Post. "I'd been collecting these cards since I was a kid and over the years they've only increased in value. I was horrified."

Read on, at The Washington Post.



--THE INTERNAL REVENUE SERVICE, which announced Thursday a new round of steps to better protect against identity theft and fraud before the 2016 tax filing season.

The measures are an effort to reassure taxpayers following a data breach that exposed 100,000 taxpayers' data.

The IRS said it has agreed to collaborate with tax preparation firms and state officials to boost the authentication process before giving out refunds and taxpayer data. The group will also swap more data on potential tax fraud. To read our full piece, click here.



Links from our blog, The Hill, and around the Web.

The Senate Appropriations Committee advanced a $51.1 billion bill Thursday fund the Commerce and Justice Departments for fiscal 2016. (The Hill)

Facial recognition technology is already being deployed to let brick-and-mortar stores scan the face of every shopper. (The Washington Post)

A hacker dumped a database containing what appear to be around 23,000 email addresses of US government workers on a dark web hacking forum on Thursday. (Motherboard)

Why credit monitoring fails to address the real threat facing hacked feds. (NextGov)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A