DOJ regrets the error on OPM-linked fraud case

DOJ as apologized for confusion over its announcement last month that a fraudster used information stolen in the infamous 2015 OPM data breach.
Sen. Mark Warner at FedTalks in June 2013. (FedScoop)

The Department of Justice has apologized for confusion over its announcement last month that a fraudster used information stolen in the infamous 2015 Office of Personnel Management breach — an episode that confounded lawmakers and ran counter to publicly available information on the breach.

The confusion began after DOJ announced on June 18 that a Maryland woman had pleaded guilty to using stolen OPM data to get car and personal loans. The public assumption had been – and still is – that Chinese hackers had stolen the data for espionage purposes.

But DOJ now says that it hasn’t yet determined whether the woman and her accomplice got the data from the OPM breach or somewhere else.

After an internal review, the U.S. Attorney’s Office for the Eastern District of Virginia appended a statement to its press release saying that “numerous victims” of the fraud self-identified as victims of the OPM breach. “The government continues to investigate the ultimate source of the [personally identifiable information] used by the defendants” and how it was obtained, the statement said.


Puzzled how the data might have ended up in American scammers’ hands, Sen. Mark Warner, D-Va., and Rep. Gerry Connolly, D-Va., wrote to DOJ and OPM demanding answers.

In a response Monday to Warner, Assistant Attorney General Stephen E. Boyd said the investigation has not yet determined exactly how the victims’ data was exposed and “whether it can, in fact, be sourced directly to the OPM data breach.”

“Because the victims in this case had other things in common in terms of employment and location, it is possible that their data came from another common source,” Boyd added.

“Regrettably,” Boyd continued, the original DOJ press release “implied a premature conclusion that the exclusive and known source of the stolen identities used in the [fraud case] was the OPM data breach.”

“We apologize for the confusion,” he wrote.


In a statement to CyberScoop, a spokesperson for Warner said the senator is “pleased that DOJ has clarified the initial announcement, which led to significant, and apparently unneeded, anxiety for millions of victims of the OPM breach.”

You can read the full letter from Boyd to Warner below.

[documentcloud url=”” responsive=true height=500]

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts