The Office of Personnel Management (OPM) didn’t realize hackers had stolen millions of records until nearly a year after they gained access to the agency’s network, but the agency moved quickly to address the hack once they discovered it, according to a timeline obtained by FCW.
An official timeline of the breach prepared for Federal Chief Information Officer Tony Scott indicates that hackers “likely gained access to OPM’s local-area network on May 7, 2014,” according to FCW’s Sean Lyngaas.
The hackers gained access by stealing credentials, planting malware, and then creating a backdoor, according to the story.
The theft of data then began on July 3, 2014, and continued “until August,” Lyngaas reported. In October hackers turned their attention to an Interior Department data center, where OPM’s personnel records were kept. They stole the personnel records of 4.2 million people from that data center on December 15, 2014. Separately, an estimated 21.5 million current and former Federal employees also had personal data stolen.
OPM didn’t realize they had a problem until April 14, 2015, almost a year after the initial intrusion.
On April 17, OPM took steps to cut off the hackers’ access to the network, and by April 24 the hackers were “evicted from OPM systems,” according to the story. “OPM verified the malware was gone on April 30.”
Even as details of the historic breach continue to trickle out, House Oversight and Government Reform Chairman Jason Chaffetz (R-Utah) remains on the prowl for more answers.
He sent a letter last week to the U.S. Computer Emergency Readiness Team (US-CERT) requesting more information about its role in the investigation and the steps taken to identify and eradicate the hackers. The congressman wants “a detailed description of each action taken by OPM, its contractors, and agency partners to secure OPM systems following the discovery of the unauthorized access and/or taking of the security documents,” the letter states.
FCW’s timeline indicates OPM contacted US-CERT on April 15, 2015, but Chaffetz could ask for more detail about that initial contact.
Chaffetz’s committee has held three hearings on the OPM hack.
“Even after these hearings, fundamental questions about the detection and the breach and OPM’s response remain,” the congressman wrote in his letter to US-CERT.
OPM disclosed the initial breach on June 4. It disclosed the second breach on July 9. Former OPM Director Katherine Archuleta resigned July 10.