OPM Data Breach: Personnel Security Background Investigation Data (CRS Report for Congress)
| Release Date |
July 24, 2015 |
| Report Number |
IN10327 |
| Report Type |
Insight |
| Authors |
Christensen, Michelle D. |
| Source Agency |
Congressional Research Service |
Summary:
In a July 9, 2015, news release on the cyber-intrusions of its systems, OPM [Office of Personnel Management] 'concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.' OPM's background investigation databases contain sensitive personal information on individuals (including congressional staff) who have undergone a personnel security background investigation as part of the security clearance process. This sensitive personal information may include financial and credit data, details on alcohol or illegal drug use, names of foreign contacts, or mental health information. OPM's systems also contain information on individuals without security clearances, but who have undergone a background investigation for other reasons. For example, OPM conducts background investigations on individuals whose positions involve policymaking, law enforcement, or other responsibilities that demand a great deal of 'public trust,' even if the positions do not require access to classified materials. According to OPM, the breach includes data from 19.7 million current, former, and prospective employees and contractors who applied for a background investigation after 2000. Additionally, the breach includes personally identifiable information of 1.8 million non-applicants, which OPM states are primarily 'spouses or cohabitants of applicants.' OPM also confirmed that 'the usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen,' and that some of the records compromised by the breach include fingerprints.
