It was confirmed on July 9th by President Obama that the OPM breach did in fact involve the theft of over 21 million individuals’ personal information, including Social Security numbers. The confirmation was following an interagency forensic investigation that found two separate cybersecurity incidents—one involving OPM employees and former employees, and the other from the background investigation database. The information stolen affects individuals who underwent a background investigation since 2000 through forms SF-86, SF-85 or SF-85P, including fingerprints of 1.1 million individuals.
The breach started as early as 2014 but was not discovered until May 2015. As a result, OPM Director Katherine Archuleta has resigned her post.
The OPM will offer credit and identity theft monitoring for the 21.5 background investigation applicants, spouses and co-habitants whose sensitive information was stolen from the OPM databases, and the mitigation efforts are being led by the Department of Defense.
The OPM resource website about the breach can be accessed here: www.opm.gov/cybersecurity/
Meanwhile, a second class action suit has been filed on behalf of the American Federation of Government Employees, and for the second time in the last month, the FBI has warned U.S. companies to be on the lookout for a malicious computer program that has been linked to the OPM hacking incident. The malware, called Sakula, is also believed to have been the cause of the Anthem breach.