5.6 million fingerprints stolen from OPM
The United States Office of Personnel Management (OPM) had suffered a series of cyber attacks over the last year. An investigation into the data breach had originally reported that 1.1 million fingerprint images were stolen in the attack. However, the OPM stated now that the number of stolen fingerprints was around 5.6 million. A total of 21.5 million current/former federal employees have been affected.
The OPM is primarily responsible for background checks of prospective federal employees and for granting secret and top secret security clearances, with the exception of the Nuclear Regulatory Commission which maintains its own system.
Hackers infiltrated the Office of Personnel Management (OPM) computer systems, supposedly to collect information on past/present/prospective federal employees. The hackers were suspected to be from China. OPM informed government officials that the attack had been thwarted, leading the Obama administration to believe that there was no loss of personally identifiable information of employees. As a result, the attack was not publicly announced.
The United States Investigation Services (USIS), a contractor running background checks for the OPM, disclosed a breach of information concerning 25,000 government employees in June 2014. The OPM severed ties with USIS following the breach. The Department of Homeland Security (DHS) prompted the United States Computer Emergency Readiness Team to launch an investigation. New York Times reported the attack publicly on 9 July 2014.
Federal investigators uncovered a data theft at KeyPoint Government Solutions (another contractor providing investigative services to the government) affecting 390,000 current/former/prospective DHS employees in September 2014. Another breach at KeyPoint was detected in December 2014. The OPM maintained that there was no evidence to prove a leak of sensitive information. The OPM sent letters to 48,000 federal employees informing them about the theft.
OPM installed upgraded security systems in April 2015, and a breach of OPM systems dating from December 2014 was detected. On 22 April 2015, Chief Information Officer of OPM, Donna Seymour acknowledged the 2014 cyber attacks in front of the House Oversight and Government Reforms Committee. In early May 2015, investigators confirmed that personal data of employees had been exfiltrated since December 2014.
On 4 June 2015, OPM publicly announced that atleast 4.2 million federal employees' personal information had been exfiltrated in 2014 cyber attacks. On 12 June 2015, investigators uncovered a second breach in OPM systems, implying that the data theft was much larger than expected. Around 16 June 2015, several sources suggested that the theft affected 14 million employees; however, OPM officials refused to speculate.