The full scope of the massive data breach at the Office of Personnel Management might be even larger than first reported, though early indications show the attack was likely contained to OPM servers.

On June 4, OPM announced that records on more than 4 million current and former federal employees had been exfiltrated in a breach traced back to December 2014. The agency first noticed malicious activity on its servers in April after installing more robust security tools and discovered in May that sensitive personal information had been stolen.


The breach could extend further, however: once the attackers' signature was known, activity matching it was detected attempting to access other federal networks.

The breach was immediately reported to the FBI for investigation, as well as to the Department of Homeland Security, which manages the Einstein cyber threat detection program. Einstein blocks known threats by matching traffic against threat signatures; it cannot detect a new vulnerability or attack until a signature for it has been written and loaded.

Once the attack signature was identified in the OPM breach, the information was put into the Einstein system, allowing agencies to block any future malicious activity along the same threat vector.


However, once the signature was entered into Einstein, the same malicious activity was discovered on other federal systems, according to a DHS official.

Another official confirmed that the signature had been identified elsewhere, but said no other successful breaches have been attributed to this attack at this time.
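To illustrate the signature-based model the officials describe, here is an added Python sketch; it is not Einstein's code and makes no claim about how DHS implements the system. It runs a blocklist of indicators over a handful of constructed flow records (the agency names, addresses and host names are made up for the example). With no signature loaded nothing is flagged; once the indicators from the first incident are added, the same rule also fires on records from other networks. A hit means only that traffic matched an indicator, which is the distinction the officials draw between a signature being seen and a breach being confirmed.

```python
"""Toy signature-based detector (added example; not the Einstein program).

Shows the limitation described in the article: a blocklist only catches
traffic that matches an indicator it already holds, and once an indicator
is shared it will match the same activity wherever it appears.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    agency: str       # network the record came from
    src: str          # internal source address
    dst: str          # external destination address
    host: str         # HTTP Host header / TLS SNI
    user_agent: str


# Constructed, pipe-delimited flow records (hypothetical format and values).
SAMPLE_LOG = """\
OPM|10.1.4.22|198.51.100.7|update-svc.example|Mozilla/5.0
OPM|10.1.4.22|203.0.113.9|cdn-static.example|Mozilla/5.0
DOI|10.7.0.15|198.51.100.7|update-svc.example|curl/7.43.0
DOI|10.7.0.15|192.0.2.40|mail.example|Mozilla/5.0
OTHER|10.9.1.3|203.0.113.9|cdn-static.example|Mozilla/5.0
"""

# A signature is a mapping of record field -> set of indicator values.
Signature = dict[str, set[str]]


def parse_log(text: str) -> list[Event]:
    """Parse the constructed pipe-delimited records into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        agency, src, dst, host, ua = line.split("|", 4)
        events.append(Event(agency, src, dst, host, ua))
    return events


def matches(event: Event, sig: Signature) -> bool:
    """True if any indicator field of the signature hits this record."""
    return any(getattr(event, field) in values for field, values in sig.items())


def detect(events: list[Event], sig: Signature) -> list[Event]:
    """Return the records that match the signature (empty if none loaded)."""
    return [e for e in events if matches(e, sig)]


def hits_by_agency(events: list[Event], sig: Signature) -> dict[str, int]:
    """Count signature hits per network; a hit is not proof of exfiltration."""
    counts: dict[str, int] = {}
    for e in detect(events, sig):
        counts[e.agency] = counts.get(e.agency, 0) + 1
    return counts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)

    # Before the incident is analysed there is no signature: nothing is flagged.
    print("no signature loaded:", hits_by_agency(events, {}))

    # Indicators recovered from the first incident (constructed values).
    sig: Signature = {
        "dst": {"198.51.100.7"},
        "host": {"cdn-static.example"},
    }
    # Once loaded, the same rule fires on other networks' records as well.
    print("signature loaded:   ", hits_by_agency(events, sig))
```

The per-agency counts are what a shared sensor would report back; deciding whether any of those hits was a successful intrusion still requires the host-level investigation the article says was ongoing.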

An official at the Interior Department, which manages the shared service data center that houses OPM's servers, said the investigation is ongoing but, as of yet, the breach seems to be contained to OPM.


"There is currently no evidence that data from other customers was exfiltrated," the official said.

"The Department of the Interior is working closely with OPM, the Department of Homeland Security and the FBI as they investigate this cybersecurity incident potentially affecting personnel data," an agency spokesperson said. "Interior is employing a comprehensive, multi-pronged remediation strategy to prevent, detect and act against malicious activity on our network in order to respond and recover following an incident."

Interior representatives declined to comment further, citing the ongoing investigation.


Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times, a Washington, D.C. institution covering the federal workforce and contracting for more than 50 years, and Fifth Domain, a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
