OPM Breach Guide for Dummies – Timeline of a Hack


ClearanceJobs recently released the results of a customer and cleared candidate survey. The takeaway? The Office of Personnel Management breach has had a significant, and negative, effect on security clearance hiring. The reasons are twofold: ever-lengthening security clearance processing delays, and a highly cautious and constantly decreasing pool of cleared candidates who are uninterested in unsolicited offers. Couple this with a rebound in the defense contracting market, and it’s a competitive environment for hiring managers.

With so much news about the OPM breach, we decided to bring you the relevant headlines in one place. Check out the links for more in-depth reporting on the details of the breach, the OPM response, and why China is such a threat.

Employers – Here’s Why Your Job Is Harder

The Office of Personnel Management began sending out (via USPS) notifications to individuals affected by the OPM breach. But with nearly 20 million individuals to notify, it’s a process that is just beginning, and will take months to complete. Many cleared candidates have not received notification, and are unsure of what to expect (here’s an article that explains what you can expect). In the wake of the breach, many personnel have also noted a significant increase in the number of phishing attacks, and even phone calls attempting to solicit their personal information. That means any unsolicited emails or phone calls from recruiters may be seen as spear phishing attempts.

Security-cleared candidates are now a bigger target than ever, and they’re also getting more warnings from the government urging caution about what emails they open, with one Department of Homeland Security official even calling for security clearances to be suspended for personnel lured by phishing scams. All of this comes as news outlets including CNN.com report that Iran-based hackers are using LinkedIn to troll for defense industry personnel.

Why the OPM breach is such bad news

Security experts note that China is the likely culprit of the OPM hack, and unlike other breaches where just some information was compromised, it appears China stole the ‘whole hog’ this time around – including the entire SF-86 security clearance application, personal information and references, notes, and even the fingerprint data for approximately 5 million clearance holders and applicants. It’s a very real possibility that China now knows the details of clearance applicants’ sex lives and poor financial decisions, and is compiling them into their own ‘Facebook’ of federal employees and defense industry insiders. China didn’t ask clearance holders if they wanted to be friends first.

With official news about the OPM breach slowly rolling out, clearance holders are left wondering what to do, with many asking if they should sign up for credit monitoring (even if it’s offered for free by the government) at all.

Breach Timeline:

In March of 2014, Chinese hackers accessed the Office of Personnel Management database. Information about the attack was not made public, and according to OPM officials, they initially didn’t think personally identifiable information (PII) was included. (They were wrong.)

Read: Why China is After Your PII

In June 2014, contractor USIS, the leading contractor conducting background investigations, announces a breach of its systems. OPM later fires the embattled USIS, citing this incident, and it is later revealed the USIS breach likely occurred at the same time as the OPM breach. The firing of USIS was the first straw in what have been months of security clearance processing issues and delays.

On July 9, 2014, a New York Times article first discloses the OPM hack. Officials at the time acknowledged the breach, and a limited notification was sent to employees. But OPM did not indicate anything about a larger breach, nor did it confirm any breach of the eQIP security clearance processing database.

READ: BACKGROUND INVESTIGATION FIRM ACKNOWLEDGES DATA BREACH

Months later, in April of 2015, OPM detected a breach of its systems, believed to have begun in December of 2014. On June 4, 2015, OPM acknowledges the breach, and indicates that just 4 million federal employees were affected. It begins sending notifications to affected personnel.

In June of 2015, FBI Director James Comey confirms that approximately 18 million people were affected by the breach, over four times the original number indicated. The information compromised includes the entire SF-86 documents of individuals who either obtained or applied for government security clearances through OPM.

Read: Was Your SF-86 Stolen in the OPM Hack?

Also in June, OPM disables use of the eQIP system for approximately one month, in order to conduct ‘necessary software upgrades.’ This one-month delay halts all security clearance processing, greatly increasing an already significant backlog of security clearance applications and reinvestigations.

READ: OPM SHUTS DOWN EQIP SYSTEM IN WAKE OF BREACH

Also: OPM Accepting Paper Applications as System Remains Down

Lindy Kyzer is the editor of ClearanceJobs.com. She loves the NISPPAC, social media, and the U.S. military. Have a conference, tip, or story idea to share? Email lindy.kyzer@clearancejobs.com.
