Published on August 21st, 2015 | by Roger Chu
Exclusive: The OPM Breach Details You Haven’t Seen
An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data and the government’s step-by-step response. It illuminates a sequence of events that lawmakers have struggled to pin down in public hearings with Obama administration officials.
The timeline makes clear that the heist of data on 22 million current and former federal employees was one sustained assault rather than two separate intrusions to steal background investigation data and personnel records.
The document, which bears the seals of OPM and the Department of Homeland Security, is dated July 14 and was prepared by federal investigators for the office of U.S. CIO Tony Scott, according to a source familiar with the investigation. The detailed timeline corroborates administration officials’ public testimony but is unique in its comprehensiveness and specificity.
According to investigators, hackers likely gained access to OPM’s local-area network on May 7, 2014, by stealing credentials and then planting malware and creating a backdoor for exfiltration. Actual exfiltration of data on background investigations did not begin until July 3, 2014, and it continued until August.
In October, the hackers pivoted to the Interior Department data center where OPM’s personnel records resided. On Dec. 15, 2014, the intruders siphoned that data away. OPM has said the personnel records of 4.2 million people were compromised in that breach.
Full article by Sean Lyngaas, FCW