In the spring of 2015, hackers attacked the Office of Personnel Management (OPM)—the department of the U.S. federal government that collects, stores and manages personal identifying information for every single federal employee in both the past and present. The hackers stole personal identifying information for millions of federal workers. The hack affected current employees and military service members, as well as veterans and former federal employees. The affected individuals began receiving notices about the breach in June.

Who Hacked OPM and What did They Want?

Authorities have neither identified the hackers nor determined precisely what the hackers wanted. At this point, speculation implicates Chinese actors, but authorities have not confirmed this.

How Did the Hackers Get into OPM’s Systems?

A commonly employed hacking technique involves the use of a third party’s login credentials to gain access to computer systems. In the OPM hack, the hackers acquired login credentials used by KeyPoint Government Solutions—a contractor used by the U.S. government to complete background investigations. Using the contractor’s login credentials, the hackers accessed OPM’s network and the federal employer personal identifying information it contained.

The attack occurred in two phases. The first phase involved the theft of the employees’ personal identifying information. In the second phase, the hacker collected data related to the background investigations conducted on those employees. It is unclear why the hacker took this information, but some speculate that the background investigation data could facilitate complicated fraud schemes.

What Can the Hackers do With the Personal Information?

The hackers may use the information to attempt identity fraud. The hackers may also use the information to construct very sophisticated phishing schemes. It appears that the stolen information can provide access to more valuable information. In addition, some believe that the hackers may use the stolen information not only for financial gains by running scams on individuals but also for gaining access to secret or protected information, such as information about US military defenses or economic policy plans. This information could support acts of cyber espionage.

Victims of the OPM attack have received warnings from the government indicating that the hackers could use their personal identifying information to open lines of credit or apply for credit cards, among other things. The government has provided employees with credit monitoring services for 18 months, and more than a million dollars of insurance coverage in the event that they become the victim of identity fraud as a result of the OPM hack.