#nation-state #china #federal

The OPM Breach

The US Office of Personnel Management held the background-check files of every cleared federal employee in the country. China appears to have taken the lot.

Cyber Chronicle

The US Office of Personnel Management is, on the surface, a back-office agency that handles federal HR. It also happens to hold one of the most sensitive databases in the federal government: the SF-86 background investigation files for every American who has ever applied for a security clearance.

Two breaches, one trove

In June 2015, OPM disclosed two related intrusions. The first had taken the personnel records of approximately 4.2 million current and former federal employees. The second, more consequential, had taken the actual SF-86 forms — comprehensive multi-decade biographies including foreign contacts, drug use, mental health history, financial pressures, family relationships, and the same data for spouses and cohabitants — for roughly 21.5 million people. The agency had also lost about 5.6 million sets of fingerprints.

A clean exfiltration

Investigators concluded that the attackers had been inside OPM's network for over a year and had used a contractor's credentials, weak network segmentation, and outdated encryption to move freely. The OPM director, Katherine Archuleta, resigned within weeks. The case was attributed to Chinese intelligence services and, like Anthem, the stolen data never surfaced for sale.

What the chronicle remembers

OPM is the breach US officials describe in private as the most damaging foreign intelligence loss of the modern era. A clearance background investigation is, intentionally, the most complete personal profile a government holds on its trusted employees. Losing that profile to a hostile service does not just compromise the employees. It compromises every relationship, every assignment, and every cover story they will ever be considered for.