What is OPM Data Breach?
A 2015 breach of the US Office of Personnel Management that exposed the personal data, security clearance background investigations, and fingerprints of 22.1 million current and former federal employees — attributed to Chinese state-sponsored hackers.
Also known as: OPM Hack, Office of Personnel Management Breach, Federal Employee Data Breach
The OPM breach gave a foreign government the most detailed personal information imaginable about 22.1 million people who hold or applied for US security clearances — essentially a roadmap for espionage, blackmail, and intelligence operations.
What Happened
- 2014–2015: Chinese state-sponsored hackers (attributed to APT groups linked to PLA/MSS) breached OPM systems
- Two separate but related breaches were discovered:
  - 4.2 million current/former federal employees' personnel records
  - 21.5 million security clearance background investigation files (SF-86 forms)
- OPM's systems had no encryption, no multi-factor authentication, and outdated security
What Was Exposed
Personnel Records (4.2 million)
- Social Security numbers, names, dates and places of birth
- Current and former addresses
- Job assignments and performance reviews
Background Investigation Files (21.5 million)
The SF-86 security clearance form is the most detailed personal document the government collects:
- Complete personal history — every address, employer, school, and trip abroad
- Financial records — debts, bankruptcies, tax problems
- Mental health history — counseling, therapy, psychiatric treatment
- Drug and alcohol use
- Criminal history
- Foreign contacts and relationships
- Family members and associates (including non-applicants)
- Interview notes from neighbors, coworkers, and friends
- 5.6 million fingerprint records
Why This Breach Is Uniquely Dangerous
Intelligence Goldmine
SF-86 data reveals exactly what a foreign intelligence service needs to recruit, blackmail, or identify spies. It maps who has access to what, who has vulnerabilities, and who has foreign connections.
Fingerprints Are Permanent
Unlike passwords, fingerprints cannot be changed. 5.6 million stolen fingerprints represent a permanent biometric compromise.
Human Cost
Federal employees whose secret personal information was exposed reported anxiety, depression, and fear of foreign targeting. Some CIA officers overseas had to be recalled.
The Aftermath
- OPM Director Katherine Archuleta resigned
- US government offered free identity monitoring to affected individuals
- Led to creation of the National Background Investigations Bureau (replacing OPM's role)
- Considered one of the most damaging intelligence breaches in US history
- No individuals have been publicly charged
Related Terms
Biometric Database
A centralized collection of biometric data (fingerprints, face scans, iris patterns) that, once breached, cannot be remediated because biometric data cannot be changed.
Data Breach
A security incident where protected, sensitive, or confidential data is accessed, stolen, or exposed by unauthorized individuals. Data breaches can result from hacking, insider threats, lost devices, or misconfigured systems.
Five Eyes Alliance
An intelligence-sharing alliance between the US, UK, Canada, Australia, and New Zealand that cooperates on signals intelligence and mass surveillance.
Mass Surveillance
The systematic monitoring of entire populations' communications, movements, and activities by governments, enabled by modern technology and justified as necessary for national security.
PII (Personally Identifiable Information)
Any data that can be used to identify a specific individual, including name, address, phone number, email, Social Security number, and biometric data.