Data leak

OPM Personnel Files Breach (4.2M Federal Employees): Earlier Intrusion Disclosed June 2015

📅 2014-03-01 🦠 PlugX RAT
Primary Source ↗

Incident Details

The OPM breach disclosed in June 2015 actually comprised two distinct intrusions. This earlier intrusion, dating to approximately March 2014 and possibly to late 2013, targeted OPM’s personnel data systems and compromised records for approximately 4.2 million current and former federal government employees. The attackers used PlugX, a remote access trojan commonly associated with Chinese threat actors, to maintain persistence. Exposed data included names, Social Security numbers, dates and places of birth, job assignments, performance ratings, and training records. The intrusion was discovered in April 2015 during a network security improvement project.

A separate, later intrusion, attributed to different Chinese actors (APT10), compromised the SF-86 security clearance background investigation files of 21.5 million individuals (see: 2015-06_opm-security-clearance-breach.yaml). The two intrusions were investigated separately but were both attributed to Chinese intelligence services. The personnel file breach was disclosed first (June 4, 2015); the much larger and more sensitive SF-86 breach was disclosed a month later (July 9, 2015).

That two long-running intrusions by potentially distinct Chinese APT groups were active at the same time demonstrated the severity of OPM’s security posture failures.

Technical Details

Initial Attack Vector
Chinese state-sponsored attackers (APT3/Gothic Panda, potentially distinct from the APT10 group responsible for the SF-86 clearance breach) gained access to OPM's personnel records system using stolen credentials and deployed the PlugX RAT to maintain persistence.
Malware Family
PlugX RAT

Timeline

  1. 2014-03-01 Breach occurred
  2. 2015-06-04 Publicly disclosed
  3. 2015-06-04 Customers notified