The OPM Breaches of 2014 and 2015

Chapter in Big Breaches

Abstract

In 2015, the Office of Personnel Management (OPM), the chief human resources agency for the federal government, announced a breach that exposed the SF-86 security clearance background checks of over 21.5 million US government employees, the fingerprint data of 5.6 million individuals, and personnel files of 4.2 million current and former government employees. The stolen SF-86 forms included information on millions of government employees, including SSNs; the names and addresses of family members, neighbors, and friends; extensive personal financial information; psychological evaluations; and the usernames and passwords of background investigation applicants. As described by former FBI Director James Comey and former CIA Director Michael Hayden, the stolen data was a “treasure trove” of data so sensitive that it could be used for espionage and would harm intelligence and counterintelligence efforts for at least a generation to come. The haunting effects of this blow to national security will never be known in full to the United States.

Notes

  1. The OPM Data Breach: How the Government Jeopardized Our National Security for More Than a Generation, September 2016, https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/

  2. www.performance.gov/OPM/#:~:text=Overview,they%20serve%20the%20American%20people

  3. An Authorization to Operate, or ATO, is granted to a federal agency after the agency is audited for compliance with federal standards. In the case of OPM, this standard would be FISMA (the Federal Information Security Management Act).

  4. Machine or host that could be infected: e.g., laptop, desktop, server.

  5. For a wired network using fiber optics, a fiber tap records everything transferred on the wires.

  6. A VPN, or virtual private network, anonymizes a user’s IP address and location and encrypts the user’s Internet traffic. A VPN makes browsing the Web more private and secure.

  7. RDP, or remote desktop protocol, is a popular protocol that allows users to access their Windows machines remotely.

  8. Source: Page 85 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/

  9. A jump server acts as a “choke point” between less critical and more critical systems. A user who wants access to the more critical system must authenticate at the jump server. The jump server is a single point of entry that all access to the more critical system must go through, and it can be monitored for potentially unauthorized access attempts.

  10. An SSL, or Secure Sockets Layer, certificate is used to help create a secure connection between a browser and a website.

  11. A spoofed domain is a malicious domain set up to look like a legitimate website in hopes of tricking a user into interacting with it.

  12. In a signature-based approach to detecting malware, a scanner looks for sequences of bytes that are known to appear in malware files. However, it can be relatively easy for malware authors to change the bytes in their files so that they don’t match any known sequences. An approach that uses artificial intelligence, by contrast, may be able to detect malware even when the file contains no previously known malware byte sequences.

  13. Source: Page 101 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/

  14. Source: Page 103 of the House Majority Staff Report: https://republicans-oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/

Copyright information

© 2021 Neil Daswani and Moudy Elbayadi

About this chapter

Cite this chapter

Daswani, N., Elbayadi, M. (2021). The OPM Breaches of 2014 and 2015. In: Big Breaches. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-6655-7_6
