[8] With regards to the second breach, named "X2", the New York Times had reported that the infiltration was discovered using United States Computer Emergency Readiness Team (US-CERT)'s Einstein intrusion-detection program.
[11][12][13][14] These reports were subsequently discussed by CyTech Services in a press release issued by the company on June 15, 2015[15] to clarify contradictions made by OPM spokesman Sam Schumach in a later edit of the Fortune[11] article.
[16][17] Ultimately, the conclusive House of Representatives' Majority Staff Report on the OPM breach discovered no evidence suggesting that CyTech Services knew of Cylance's involvement or had prior knowledge of an existing breach at the time of its product demonstration, leading to the finding that both tools independently "discovered" the malicious code running on the OPM network.
[8] The data breach compromised highly sensitive 127-page Standard Form 86 (SF 86) (Questionnaire for National Security Positions).
[23] The overwhelming consensus is that the cyberattack was carried out by state-sponsored attackers for the Chinese government, specifically the Jiangsu State Security Department.
[4] The attack originated in China,[6] and the backdoor tool used to carry out the intrusion, PlugX, has been previously used by Chinese-language hacking groups that target Tibetan and Hong Kong political activists.
[4] The House Committee on Oversight and Government Reform report on the breach strongly suggested the attackers were state actors due to the use of a very specific and highly developed piece of malware.
[25] In 2017, Chinese national Yu Pingan was arrested on charges of providing the "Sakula" malware used in the OPM data breach and other cyberintrusions.
"[28][29] A July 2014 story in The New York Times quoted unnamed senior American officials saying that Chinese hackers had broken into OPM.
[20][30][31] Some lawmakers made calls for Archuleta to resign citing mismanagement and that she was a political appointee and former Obama campaign official with no degree or experience in human resources.
"[33] Security experts have stated that the biggest problem with the breach was not the failure to prevent remote break-ins, but the absence of mechanisms to detect outside intrusion and the lack of proper encryption of sensitive data.
OPM CIO Donna Seymour countered that criticism by pointing to the agency's aging systems as the primary obstacle to putting such protections in place, despite having encryption tools available.
"[34] A July 22, 2015 memo by Inspector General Patrick McFarland said that OPM's Chief Information Officer Donna Seymour was slowing her investigation into the breach, leading him to wonder whether or not she was acting in good faith.
[35] On Monday 22 February 2016, CIO Donna Seymour resigned, just two days before she was scheduled to testify before a House panel that is continuing to investigate the data breach.