The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency.
In June 2015, OPM announced that it had been the target of a data breach targeting personnel records.[1] Approximately 22.1 million records were affected, including records related to government employees, other people who had undergone background checks, and their friends and family.[2][3] One of the largest breaches of government data in U.S. history,[1] information that was obtained and exfiltrated in the breach[4] included personally identifiable information such as Social Security numbers,[5] as well as names, dates and places of birth, and addresses.[6] State-sponsored hackers working on behalf of the Chinese government carried out the attack.[4][7]
The data breach consisted of two separate, but linked, attacks.[8] It is unclear when the first attack occurred but the second attack happened on May 7, 2014, when attackers posed as an employee of KeyPoint Government Solutions, a subcontracting company. The first attack was discovered March 20, 2014, but the second attack was not discovered until April 15, 2015.[8] In the aftermath of the event, Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour, resigned.[9]
- ^ a b Barrett, Devlin (5 June 2015). "U.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials Say". Wall Street Journal. Retrieved 5 June 2015.
- ^ Zengerle, Patricia; Cassella, Megan (2015-07-09). "Estimate of Americans hit by government personnel data hack skyrockets". Reuters. Retrieved 2015-07-09.
- ^ Nakashima, Ellen (9 July 2015). "Hacks of OPM databases compromised 22.1 million people, federal authorities say". The Washington Post. Retrieved 19 July 2020.
- ^ a b Fruhlinger, Josh (2020-02-12). "The OPM hack explained: Bad security practices meet China's Captain America". CSO Online. Retrieved 2023-05-29.
- ^ Risen, Tom (5 June 2015). "China Suspected in Theft of Federal Employee Records". U.S. News & World Report. Retrieved 5 June 2015.
- ^ Cite error: The named reference
nprwas invoked but never defined (see the help page). - ^ Garrett M. Graff, China's Hacking Spree Will Have a Decades-Long Fallout, Wired (February 11, 2020).
- ^ a b Cite error: The named reference
:0was invoked but never defined (see the help page). - ^ Boyd, Aaron (2017-08-08). "OPM CIO Seymour resigns days before Oversight hearing". Federal Times. Retrieved 2017-12-04.