The Office of Personnel Management and the Department of Homeland Security have created a timeline of the cyber attack that exposed data on approximately 22 million former and current federal employees, FCW reported Friday.
Sean Lyngaas writes an official OPM breach chronology obtained by FCW indicates hackers performed “one sustained assault rather than two separate intrusions” to access government personnel and background investigation records.
Federal investigators determined that hackers initially accessed the local area network of the agency on May 7, 2014, and that the actual data exfiltration from the agency’s background checking system occurred from July 3 through the month of August, the publication reports.
The timeline showed OPM officials did not discover the malicious activity until April 15, 2015, and immediately reported the incident to DHS’ U.S. Computer Emergency Readiness Team, the report said.
Lyngaas said US-CERT then uncovered a threat to the personnel database April 17 through the Einstein intrusion detection system.
After that, OPM implemented predictive malware prevention and host-based security tools and by April 30, the agency confirmed that malware left its network, according to FCW.