Sqrrl Blog

Jul 14, 2015 9:45:00 AM

Cyber Incident Matrix: OPM Breach

Severity Score: 6
Complexity Score: 6
How did we get these numbers?

Incident Summary

  • What was breached: The United States Office of Personnel Management (OPM). System specific breaches were not disclosed.

  • Delivery: March 2014 (possibly earlier) - April 2015

  • The Attackers:  Chinese state sponsered hackers (alleged)

Overview:

In April of this year, the US Office of Personnel Management (OPM) became aware of an intrusion in a personnel file database while working to upgrade its security infrastructure. As investigations continued, the OPM discovered that a second breach had occurred in which a variety of sensitive data on both former and current federal employees had been compromised and exfiltrated using credentials associated with an investigative contractor, KeyPoint Government solutions. Before being detected, the invaders had made off with personal information such as sexual history, drug use, friends, roommates, and more. The second breach was far more significant, raising the number of affected individuals to over 21 million.

Read More

Topics: Cybersecurity, OPM, Data Breach

Jun 19, 2015 8:00:00 AM

The OPM Breach and Big Data Security Analytics

In the past two weeks, the need for big data security analytics on the federal level has been acutely felt. At the end of last year, the Office of Personnel Management (OPM) was breached by hackers. The threat lay undetected for almost six months, until it was discovered, reportedly by accident, as the OPM worked actively to improve its security infrastructure. While the OPM does maintain its own security infrastructure, it also relies on the Department of Homeland Security’s National Cyber Protection system (NCPS), established in 2008 at the behest of Congress and the Executive branch. The NCPS was created to “protect the federal civilian Executive Branch government network and prevent known or suspected cyber threats,” according to the DHS.

Read More

Topics: Big Data Security, Linked data analysis, OPM, Department of Homeland Security, Big data security analytics