22 Million Records Stolen in OPM Hacks, Agency Head Resigns

July 13, 2015

22 Million Records Stolen in OPM Hacks, Agency Head Resigns Late last week, the U.S. Office of Personnel Management (OPM) disclosed the full extent of two separate breaches they first acknowledged to the public in June. Until Thursday, the government’s official tally of how many records had been compromised in the OPM intrusion was 4.2 million. But, after a forensic investigation, the agency found the second related breach was much more serious, exposing information contained in background checks of more than 20 million current and former federal employees and applicants to government jobs and their families. OPM estimates the second intrusion resulted in the theft of sensitive information of 21.5 million individuals. In the wake of Thursday’s announcement, OPM chief Katherine Archuleta has resigned.

The nature of the information stolen for each individual is extensive. According to the OPM announcement, exposure includes: Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details.  Some records also include findings from interviews conducted by background investigators and fingerprints.

From the beginning, published reports have indicated that officials believe the attack was state sponsored, probably originating in China. The Chinese have denied any involvement in the incident. While hacks of this magnitude are usually followed by surges in fraud attempts, if China—or another state—was responsible, the goal is more likely to be blackmail or espionage than financial gain.