Evidence Obtained By Committee Debunks Claim That CyTech Was First to Discover OPM Data Breach

May 26, 2016
Press Release

Evidence Obtained By Committee Debunks Claim That CyTech Was First to Discover OPM Data Breach


Washington, D.C. (May 26, 2016)—Today, Rep. Elijah E. Cummings, Ranking Member of the House Committee on Oversight and Government Reform, sent a letter refuting claims that CyTech Services first detected last year’s cyber-attacks against Office of Personnel Management (OPM), based on documents and interviews conducted by the Committee.

“The evidence obtained by the Committee confirms that OPM discovered the data breach five or six days before CyTech conducted its product demonstration on April 21, 2015, and that the malware OPM identified was the same malware that was later identified by CyTech,” Cummings wrote.  “As a result, claims that CyTech was responsible for first detecting the OPM data breaches are inaccurate.”

Cummings sent his letter in response to a referral letter and memorandum from the House Permanent Select Committee on Intelligence on June 23, 2015, as multiple press reports and news accounts stated that the detection of cyber attack against OPM “appears to have arisen during a product demonstration by network security company CyTech Services” on April 21, 2015.

To investigate these claims, the Committee requested documents from OPM, CyTech, and the United States Computer Emergency Readiness Team (US-CERT), and it conducted transcribed interviews with CyTech’s President, OPM’s Director of Security Operations, and several other officials.

For example, the Committee obtained a report issued by US-CERT stating that between April 16 and 20, 2015, OPM “provided US-CERT with a document containing information on suspicious IP Addresses and domains that may have been involved with the incident.”  The Committee also obtained another US-CERT report stating that on April 15, 2015, OPM discovered an unknown SSL certificate on their network that was being used to communicate with the known malicious domain opmsecurity.org.

Committee staff also conducted a transcribed interview with the OPM contract engineer who actually detected the breach five or six days before CyTech Services as part of his work in OPM’s Security Operations Center.  Two additional OPM security employees confirmed his account that OPM detected the breach several days before CyTech’s product demonstration.

Click here to read the letter.


114th Congress