In March of 2014, OPM officials realized they'd been hacked. It's an exhaustive 241 pages, and much of the material in this article derives from its conclusions. The official OPM hack reportĪfter an exhaustive and sometimes confrontational investigation, the House Oversight & Government Reform Committee released a report on the OPM data breach to the public. The next month, in December of 2013, is when we definitively know that attackers were attempting to breach the systems of two contractors, USIS and KeyPoint, who conducted background checks on government employees and had access to OPM servers (though USIS may have actually been breached months earlier).
#Opm kar files collection manuals#
While X1 wasn't able to access any personnel records at that time, they did manage to exfiltrate manuals and IT system architecture information. This attacker or group is dubbed X1 by the Congressional OPM data breach report. The hack began in November of 2013, when the attackers first breached OPM networks. are not exactly clear." Nevertheless, researchers have been able to construct a rough timeline of when the breaches began and what the attackers did.
OPM hack timelineĪs the official Congressional report on the incident says, "The exact details of how and when the attackers gained entry. The OPM breach led to a Congressional investigation and the resignation of top OPM executives, and its full implications-for national security, and for the privacy of those whose records were stolen-are still not entirely clear. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints. In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked.