{
	"id": "04dbaa06-2b6f-438a-8f04-f0563108aa1f",
	"created_at": "2026-04-06T00:09:20.203421Z",
	"updated_at": "2026-04-10T03:21:35.727086Z",
	"deleted_at": null,
	"sha1_hash": "78b24978cfdafa879f8ea5007617fb902db489c7",
	"title": "Cybersecurity Incidents",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 74109,
	"plain_text": "Cybersecurity Incidents\r\nArchived: 2026-04-05 18:47:49 UTC\r\nWhat Happened\r\nIn 2015, OPM announced two separate but related cybersecurity incidents that have impacted the data of\r\nFederal government employees, contractors, and others:\r\n1. In June 2015, OPM discovered that the background investigation records of current, former, and\r\nprospective Federal employees and contractors had been stolen. OPM and the interagency incident\r\nresponse team have concluded with high confidence that sensitive information, including the Social\r\nSecurity Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation\r\ndatabases. This includes 19.7 million individuals that applied for a background investigation, and 1.8\r\nmillion non-applicants, primarily spouses or co-habitants of applicants. Some records also include findings\r\nfrom interviews conducted by background investigators and approximately 5.6 million include fingerprints.\r\nUsernames and passwords that background investigation applicants used to fill out their background\r\ninvestigation forms were also stolen.\r\nWhile background investigation records do contain some information regarding mental health and financial\r\nhistory provided by applicants and people contacted during the background investigation, there is no\r\nevidence that health, financial, payroll and retirement records of Federal personnel or those who have\r\napplied for a Federal job were impacted by this incident (for example, annuity rolls, retirement records,\r\nUSA JOBS, Employee Express).\r\n2. Earlier in 2015, OPM discovered that the personnel data of 4.2 million current and former Federal\r\ngovernment employees had been stolen. This means information such as full name, birth date, home\r\naddress and Social Security Numbers were affected.\r\nBack to Top\r\nHow You May Be Affected\r\nIf you underwent a Federal background investigation in 2000 or afterwards (which occurs through the submission\r\nof forms SF-86(PDF file), SF-85(PDF file), or SF-85P(PDF file) for either a new investigation or a\r\nreinvestigation), it is highly likely that you were impacted by the incident involving background investigations. If\r\nyou underwent a background investigation prior to 2000, you still may have been impacted, but it is less likely.\r\nCurrent or former Federal employees may also have been impacted by the separate but related incident involving\r\npersonnel records.\r\nLearn more about who was impacted and the protections we are working to put into place.\r\nCurrent and former Federal government employees\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 1 of 7\n\nIf you are a current or former Federal government employee, including members of the U.S.\r\nmilitary, your data may have been impacted by the incident announced in 2015\r\nimpacting background investigation records. Current or former Federal government employees\r\nmay also have been impacted by the separate incident involving personnel records.\r\nTypes of information involved in the background investigation records incident that may\r\nhave been impacted:\r\nSocial Security Numbers\r\nResidency and educational history\r\nEmployment history\r\nInformation about immediate family and personal and business acquaintances\r\nHealth, criminal and financial history that would have been provided as part of your\r\nbackground investigation\r\nSome records could also include:\r\nFindings from interviews conducted by background investigators\r\nFingerprints\r\nUsernames and passwords used to fill out your forms\r\nIf you may have used your e-QIP (the online system used to process forms) password for\r\nother accounts or services, you should change your passwords for those accounts\r\nimmediately and not reuse any passwords that you used in the e-QIP system.\r\nTypes of information involved in personnel records incident include:\r\nName\r\nSocial Security number\r\nDate and place of birth\r\nCurrent and former addresses\r\nCommon personnel file information such as job assignments, training records, and\r\nbenefit selection decisions\r\nServices available to you:\r\nIf your data was impacted by the background investigation records incident or personnel\r\nrecords incident, you should have received a notification letter and PIN code in the mail providing\r\ndetails on the incident and the services available to you and your minor dependent children, such as:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity. Those impacted by the background investigation incident can review the identity\r\ntheft monitoring and restoration services information.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring.\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 2 of 7\n\nInstructions on how to enroll in other services were included in your notification. If you have not\r\nyet received a notification but believe you were impacted by the 2015 cybersecurity incidents,\r\nplease visit the Verification Center.(external link)\r\nActive duty servicemembers and veterans\r\nIf you are an active duty servicemember or veteran, you may have been impacted by the 2015\r\nincident impacting background investigation records. We have no evidence to suggest that active\r\nduty servicemembers or veterans were affected by the personnel records incident.\r\nTypes of information involved in the background investigation records incident that may have\r\nbeen impacted:\r\nSocial Security Numbers\r\nResidency and educational history\r\nEmployment history\r\nInformation about immediate family and personal and business acquaintances\r\nHealth, criminal and financial history that would have been provided as part of your\r\nbackground investigation\r\nSome records could also include:\r\nFindings from interviews conducted by background investigators.\r\nFingerprints\r\nUsernames and passwords used to fill out your forms\r\nIf you may have used your e-QIP (the online system used to process forms) password for other\r\naccounts or services, you should change your passwords for those accounts immediately and not\r\nreuse any passwords that you used in the e-QIP system.\r\nServices available to you:\r\nIf your data was impacted by the background investigation incident, you should have received a\r\nnotification letter and PIN code in the mail providing details on the incident and the services\r\navailable to you and your minor dependent children, such as:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity. Those affected by the background investigation incident can review the identity\r\ntheft monitoring and restoration services information.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring\r\nCurrent and former Federal contractors\r\nCurrent or former Federal contractors may have been impacted by the 2015 incident\r\nimpacting background investigation records. We have no evidence to suggest that current or\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 3 of 7\n\nformer Federal contractors were affected by personnel records incident.\r\nTypes of information in the incident involving background investigation records: \r\nSocial Security Numbers\r\nResidency and educational history\r\nEmployment history\r\nInformation about immediate family and personal and business acquaintances\r\nHealth, criminal and financial history\r\nSome records could also include:\r\nFindings from interviews conducted by background investigators\r\nFingerprints \r\nUsernames and passwords used to fill out your forms\r\nIf you may have used your e-QIP (the online system used to process forms) password for other\r\naccounts or services, you should change your passwords for those accounts immediately and not\r\nreuse any passwords that you used in the e-QIP system.\r\nServices available to you:\r\nIf your data was impacted by the background investigation incident, you should have received a\r\nnotification letter and PIN code in the mail providing details on the incident and the services\r\navailable to you and your minor dependent children, such as:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity. Those affected by the background investigation incident can review the identity\r\ntheft monitoring and restoration services information.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring\r\nJob candidates for federal employment who were required to complete a background investigation\r\nCandidates who were required to complete a background investigation form prior to employment\r\nmay have been impacted by the 2015 incident affecting background investigation records. We\r\nhave no evidence to suggest that job candidates were affected by the personnel records incident.\r\nTypes of information in background investigation incident that may have been impacted:\r\nSocial Security Numbers\r\nResidency and educational history\r\nEmployment history\r\nInformation about immediate family and personal and business acquaintances\r\nHealth, criminal and financial history\r\nSome records could also include:\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 4 of 7\n\nFindings from interviews conducted by background investigators\r\nFingerprints \r\nUsernames and passwords used to fill out your forms\r\nIf you may have used your e-QIP (the online system used to process forms) password for other\r\naccounts or services, you should change your passwords for those accounts immediately and not\r\nreuse any passwords that you used in the e-QIP system.\r\nServices available to you:\r\nIf your data was impacted by the background investigation incident you should have received a\r\nnotification letter and PIN code in the mail providing details on the incident and the services\r\navailable to you and your minor dependent children, such as:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity. Those affected by the background investigation incident can review the identity\r\ntheft monitoring and restoration services information.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring\r\nSpouses and co-habitants of current and former Federal employees, contractors, and job candidates whose\r\ninformation was stolen\r\nIf your information was listed on a background investigation form by a spouse or co-habitant, the\r\nstolen information may include your name, Social Security number, address, date and place of birth,\r\nand in some cases, your citizenship information.\r\nServices available to you:\r\nIf your data was impacted by the background investigation incident you should have received a\r\nnotification letter and PIN code in the mail providing details on the incident and the services\r\navailable to you and your minor dependent children, such as:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity. Those affected by the background investigation incident can review the identity\r\ntheft monitoring and restoration services information.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring\r\nImmediate family, close contacts, and references of current and former Federal employees, contractors, and\r\njob candidates whose information was stolen\r\nBeyond applicants and their spouses or co-habitants described above, you may be someone whose\r\nname, address, date of birth, or other similar information may have been listed on a background\r\ninvestigation form. In many cases, the information about these people is the same as what is\r\ngenerally available in public forums such as online directories or social media, and generally does\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 5 of 7\n\nnot present the same level of risk of identity theft or other issues. While services will not be\r\nprovided to you at no cost, there are a number of steps you can take to protect your identity (see\r\nbelow).\r\nBack to Top\r\nWhat You Can Do\r\nHere are steps you can take to protect your identity:\r\nSpot the warning signs of identity theft\r\nVisit IdentityTheft.gov(external link) to learn how to set up protections:\r\nGet a free credit report(external link)\r\nSet up fraud alerts on your accounts\r\nProtect your children/minors from identity theft(external link)\r\nBe aware of phishing scams\r\nPhishing(external link) is when a fraudster impersonates a business or someone you trust in order to\r\nget your private information. Never click on links you don't trust and don't give out your personal\r\ninformation. Legitimate organizations never ask for your information through texts, pop-up\r\nmessages, or email. Scammers may call and pretend to be from the government or a business to try\r\nto get you to give them sensitive information. If a caller asks for your information, call back using a\r\nnumber you know to be legitimate.\r\nUpdate your passwords\r\nIf the information in your background investigation forms could be used to guess your passwords or\r\nif you are using the same password that you did when you filled out your background investigation\r\nform, change them. Use complex passwords of 10-12 characters, combining letters, numbers, and\r\nspecial characters. Don't use something that is easily guessable for someone who knows you or has\r\ninformation about you. Don't repeat passwords for several accounts. For more information on how\r\nto choose a strong password, review the United States Computer Emergency Response Team’s (US-CERT) tips for Choosing and Protecting Passwords(external link).\r\nGet up to speed on computer security\r\nReview and check up on your practices for safe, secure and responsible online activity. The Federal\r\nTrade Commission(external link) lists helpful steps you can take to make sure your computer is as\r\nsafe as possible. For additional information on computer security, including information about\r\nfirewalls, anti-virus software, and identifying security threats, review tips and the latest\r\ncybersecurity alerts and bulletins from the US-CERT’s National Cyber Awareness System(external\r\nlink).\r\nIf you think your identity has been stolen\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 6 of 7\n\nIf you believe your information has been misused, there are several steps you should take.\r\nIf you are concerned that you are experiencing identity theft, visit identitytheft.gov(external\r\nlink). This site explains steps you can take to recover your identity.\r\nIf you are concerned about your child's identity being stolen, the Federal Trade Commission\r\nhas information and resources(external link) to know what to look for and how to get help.\r\nYou can also file a claim with the FBI.(external link)\r\nLearn how to keep your information safe from exploitation\r\nYou can find information about the measures you can take to ensure the safety of your personal\r\ninformation at the National Counterintelligence and Security Center (NCSC)\r\nat http://www.ncsc.gov(external link).\r\nTips for practicing safe online behavior every day\r\nPracticing safer online behavior helps you protect yourself from identity theft, fraud, and other\r\nonline crimes and malicious activity. Learn what you can do to protect yourself, your family, and\r\nyour workplace through tips and free resources from Stop.Think.Connect™(external link), a\r\nnational cybersecurity awareness campaign led by the Department of Homeland Security and the\r\nNational Cyber Security Alliance.\r\nBack to Top\r\nWhat We're Doing to Help\r\nSupporting people who have been impacted\r\nIdentity theft restoration and credit monitoring services have been provided at no cost to individuals\r\nwhose information was compromised in the OPM cyber incidents. Certain services are also\r\navailable to the dependent minor children of impacted individuals who were under the age of 18 as\r\nof July 1, 2015. These services include:\r\nFull service identity restoration, which helps to repair your identity following fraudulent\r\nactivity.\r\nIdentity theft insurance, which can help to reimburse you for certain expenses incurred if\r\nyour identity is stolen.\r\nContinuous identity and credit monitoring\r\nIf you've received a notification letter and PIN code from OPM, please sign up for MyIDCare.\r\nInstructions on how to enroll in other services were included in your notification. If you have not\r\nyet received a notification but believe you were impacted by the 2015 cybersecurity incidents please\r\nvisit the Verification Center(external link).\r\nSource: https://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/\r\nPage 7 of 7",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/"
	],
	"report_names": [
		"cybersecurity-incidents"
	],
	"threat_actors": [],
	"ts_created_at": 1775434160,
	"ts_updated_at": 1775791295,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/78b24978cfdafa879f8ea5007617fb902db489c7.pdf",
		"text": "https://archive.orkl.eu/78b24978cfdafa879f8ea5007617fb902db489c7.txt",
		"img": "https://archive.orkl.eu/78b24978cfdafa879f8ea5007617fb902db489c7.jpg"
	}
}