Complexity Score: 6
How did we get these numbers?
What was breached: The United States Office of Personnel Management (OPM). System specific breaches were not disclosed.
Delivery: March 2014 (possibly earlier) - April 2015
The Attackers: Chinese state sponsered hackers (alleged)
In April of this year, the US Office of Personnel Management (OPM) became aware of an intrusion in a personnel file database while working to upgrade its security infrastructure. As investigations continued, the OPM discovered that a second breach had occurred in which a variety of sensitive data on both former and current federal employees had been compromised and exfiltrated using credentials associated with an investigative contractor, KeyPoint Government solutions. Before being detected, the invaders had made off with personal information such as sexual history, drug use, friends, roommates, and more. The second breach was far more significant, raising the number of affected individuals to over 21 million.