It now looks like China was able to pull detailed personnel records on 18 million current, former and prospective U.S. federal employees. And most of that loss could likely have been avoided with a very simple, easy, and inexpensive approach to guarding the data.
You give a single server access to the database. Nothing else holds database credentials.
Any program that needs data from the database queries that server instead, and the server returns the requested data as XML or JSON. Now here's the key part.
This single server enforces rules about what can be returned. The first rule is a cap on the total records returned per day across all requests. Go over that number and the server shuts down while investigators look at what caused the increased volume. The second is a set of limits on the total records per request, per set of credentials, per source IP address, and so on. The third limits which fields come back from each record. If the request is to mail something to employees, all that comes back is name and address.
It's pretty easy to physically configure a paired set of servers where the database is reachable only from the second server, and the second server accepts nothing but records requests. Those two machines can be locked down tight.
A small set of rules that limits what is allowed, plus a matching set of warnings, is also easy to implement. This won't stop everything, and it will not catch someone pulling down a small number of records. But it will stop wholesale downloading of the data. No breach is best. But a breach that gets 1,000 records is much better than one that gets 18 million.
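Here is what the gateway described above looks like in working code. This is an added example, not code from the original post or from the customer's system; the purpose names, the limits and the sample HR records are assumptions chosen for illustration.

```python
"""Added example (not from the original post or the customer's system): a minimal
record gateway enforcing the rules described above. Limits, purpose names and the
sample records are assumptions chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass
import json

# Purpose -> fields the requester may receive. Callers must declare a purpose, and
# there is deliberately no "give me everything" purpose. (Assumed purposes.)
ALLOWED_FIELDS = {
    "mailing": {"name", "address"},
    "payroll": {"name", "employee_id", "bank_routing"},
}


@dataclass(frozen=True)
class Limits:
    per_request: int = 100             # records a single request may name
    per_credential_per_day: int = 500
    per_ip_per_day: int = 500
    total_per_day: int = 2000          # global budget; exceeding it trips the gateway


# Constructed sample data standing in for the HR database. The SSN and bank fields
# are there to show that they never leave the gateway for a "mailing" request.
SAMPLE_RECORDS = {
    f"E{i}": {
        "employee_id": f"E{i}",
        "name": f"Employee {i}",
        "address": f"{i} Main St",
        "ssn": f"000-00-{i:04d}",
        "bank_routing": "021000021",
    }
    for i in range(1, 11)
}


class RecordGateway:
    """The single process allowed to touch the records store.

    Callers name the records they want (no unbounded queries), declare a purpose,
    and get back only the fields that purpose allows, subject to the daily budgets.
    """

    def __init__(self, records, limits=Limits()):
        self._records = records          # the only handle on the data
        self.limits = limits
        self.tripped = False
        self.total_today = 0
        self.by_credential = defaultdict(int)
        self.by_ip = defaultdict(int)
        self.audit = []                  # every decision, allowed or denied

    def new_day(self):
        """Reset the daily counters (assumed to be called by a scheduler at midnight)."""
        self.total_today = 0
        self.by_credential.clear()
        self.by_ip.clear()

    def _deny(self, credential, ip, purpose, reason, alert=False):
        self.audit.append({"ok": False, "credential": credential, "ip": ip,
                           "purpose": purpose, "reason": reason, "alert": alert})
        return {"ok": False, "error": reason}

    def query(self, credential, ip, purpose, employee_ids):
        n = len(employee_ids)
        if self.tripped:
            return self._deny(credential, ip, purpose, "gateway tripped; pending investigation")
        allowed = ALLOWED_FIELDS.get(purpose)
        if allowed is None:
            return self._deny(credential, ip, purpose, f"unknown purpose {purpose!r}")
        if n > self.limits.per_request:
            return self._deny(credential, ip, purpose,
                              f"{n} records exceeds per-request limit {self.limits.per_request}")
        # Charge the caller's daily budgets before fetching, so that repeated
        # over-budget attempts stay visible in the counters and the audit log.
        self.by_credential[credential] += n
        self.by_ip[ip] += n
        if self.by_credential[credential] > self.limits.per_credential_per_day:
            return self._deny(credential, ip, purpose, "daily limit for this credential exceeded")
        if self.by_ip[ip] > self.limits.per_ip_per_day:
            return self._deny(credential, ip, purpose, "daily limit for this IP exceeded")
        self.total_today += n
        if self.total_today > self.limits.total_per_day:
            # Rule one: the global budget is a tripwire. Stop serving everyone
            # until a human has looked at the audit log.
            self.tripped = True
            return self._deny(credential, ip, purpose,
                              "global daily limit exceeded; gateway shut down", alert=True)
        rows = [
            {k: v for k, v in self._records[eid].items() if k in allowed}
            for eid in employee_ids
            if eid in self._records
        ]
        self.audit.append({"ok": True, "credential": credential, "ip": ip,
                           "purpose": purpose, "count": len(rows)})
        return {"ok": True, "records": rows}

    def query_json(self, credential, ip, purpose, employee_ids):
        """What the wire actually carries: the same answer serialized as JSON."""
        return json.dumps(self.query(credential, ip, purpose, employee_ids))
```

Two design points matter more than the specific numbers. First, the gateway accepts only lists of named records, never a "return everything" query, so the per-request cap is real rather than advisory. Second, the counters and the audit log must live in the gateway's own storage, not in the database it protects; if an attacker reaches the database, they must not be able to reset the tripwire. Per-IP limits are cheap to evade from many source addresses, which is why the global daily cap is the rule that ultimately matters.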
So why didn't they do this? Probably because this trick is not sexy and there's nothing to buy, so there's likely no one proposing it to the government. And that's a shame. This safeguard could be implemented very quickly and very inexpensively.
Note: I did not come up with this idea; one of our customers implemented it to protect their HR data. They used it to populate their Leave of Absence letters using our document generation system.