Menu
Browse

Cyber Incident Victim: Office of Personnel Management

Date:

Mar 2014

Location:

United States of America

Summary

Chinese hackers breached a U.S. federal agency responsible for personnel data, targeting security clearance files containing sensitive employee information such as foreign contacts, employment history, and personal details. The intrusion was detected and blocked, with officials attributing it to China but unable to confirm direct government involvement. While initial assessments found no evidence of stolen personally identifiable information, the attackers accessed databases linked to the e-QIP system used for processing security clearances. The incident highlighted persistent cyber espionage efforts by Chinese military-linked units despite prior U.S. indictments against such actors. The breach was not publicly disclosed initially, consistent with policies requiring notification only when personal data is confirmed compromised.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

In March 2014, Chinese hackers breached computer networks of the U.S. Office of Personnel Management (OPM), targeting databases containing personal information of federal employees applying for top-secret security clearances. The attackers accessed systems housing sensitive applicant data including foreign contacts, employment history, financial records, and personal details such as past drug use. Department of Homeland Security (DHS) monitoring systems detected the intrusion mid-March, prompting federal authorities to block network access. Senior U.S. officials confirmed the attack originated from China but could not definitively attribute it to government actors. OPM and DHS initiated an emergency response team to assess risks and mitigate potential damage, though initial investigations found no evidence of personally identifiable information (PII) theft. The breach specifically threatened the e-QIP system, a platform federal employees use to submit and update clearance-related personal data for security investigations.

Cyber Incident Image

The intrusion occurred amid heightened U.S.-China tensions over cyber operations, following the May 2014 indictment of People’s Liberation Army (PLA) Unit 61398 members for corporate espionage. Security researchers subsequently linked PLA Unit 61486 to hundreds of additional attacks on Western aerospace and satellite entities, demonstrating continued Chinese military cyber activity despite U.S. legal actions. OPM’s breach highlighted systemic vulnerabilities in systems managing national security workforce data, though the administration withheld public disclosure citing absence of confirmed PII compromise. DHS and OPM shared threat indicators with other government agencies and select security industry partners as part of standard response protocols. The incident coincided with high-level U.S.-China diplomatic talks in Beijing, where cyber intrusions remained a contentious issue exacerbated by Snowden-era revelations of NSA activities against Chinese targets. Federal officials expressed concern over persistent Chinese military hacking against critical U.S. sectors including defense contractors developing missile, drone, and nuclear technologies.

Sources
Sources available to members
1 source