Given that OPM is following the administration’s draft data breach legislation, I fully expect that if the investigation concludes this data was lost, OPM will disclose it. Stay tuned.
This breach has crossed streams with a breach a year ago that did involve investigative files.
So, based on what we know now, this incident is a big loss of PII but it’s not that big a loss of information of intelligence value. We may find out later that the hackers also got their hands on the SF-86s—the forms you fill out when you apply for a security clearance. I am fully confident that if the investigation uncovers those losses, there will be a second statement from OPM and an offer for credit monitoring for contractors and family members.
To put all of this in perspective, here are five Chinese hacks that are worse than the breach at OPM based on a list of significant cyber incidents compiled by the Center for Strategic and International Studies.
This is a good list of additional Chinese cyber attacks against US interests. However, I am not entirely sure these are worse than the OPM hack, although they surely are significantly malignant actions.