The full scope of the massive data breach at the Office of Personnel Management might be even larger than first
On June 4, OPM announced that records on more than 4 million current and former federal employees had been exfiltrated in a breach traced back to December 2014. The agency first noticed malicious activity on its servers in April after installing more robust security tools and discovered in May that sensitive personal information had been stolen.
The breach could extend further, however, as the same threat signature was detected attempting to access other federal networks.
The breach was immediately reported to the FBI for investigation, as well as the Department of Homeland Security, which manages the Einstein cyber threat detection program. The Einstein program is used to block known threats, though it cannot detect new vulnerabilities or attacks until there is an associated threat signature.
Once the attack signature was identified in the OPM breach, the information was put into the Einstein system, allowing agencies to block any future malicious activity along the same threat vector.
However, once the signature was entered into Einstein, the same malicious activity was discovered on other federal systems, according to a DHS official.
Another official said the signature had been identified elsewhere; however, no other successful breaches have been attributed to this attack at this time.
An official at the Interior Department, which manages the shared service data center that houses OPM's servers, said the investigation is ongoing but, as yet, the breach seems to be contained to OPM.
"There is currently no evidence that data from other customers was exfiltrated," the official said.
"The Department of the Interior is working closely with OPM, the Department of Homeland Security and the FBI as they investigate this cybersecurity incident potentially affecting personnel data," an agency spokesperson said. "Interior is employing a comprehensive, multi-pronged remediation strategy to prevent, detect and act against malicious activity on our network in order to respond and recover following an incident."
Interior representatives declined to comment further, citing the ongoing investigation.
Aaron Boyd is an award-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering the federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.