DOJ backtracks on linking OPM hack to fraud case


The Justice Department said it jumped the gun with a June press release that linked recent bank loan fraud cases to the 2015 cyber heist of federal employee data from the Office of Personnel Management, which is generally attributed to the Chinese government.

In a letter to Sen. Mark Warner (D-Va.), Assistant Attorney General Stephen Boyd said the press release jumped to a "premature conclusion" when it said data from the OPM breach was used by fraudsters who applied for and opened bogus loans at the Langley Federal Credit Union.

In mid-June, Karvia Cross pleaded guilty in Virginia to one count of identity theft and conspiracy to commit bank fraud in 2015 and 2016, according to the June press release from the U.S. Attorney's Office for the Eastern District of Virginia. DOJ said several others were charged along with Cross in their efforts to leverage stolen identity data to open fake accounts at the credit union in Northern Virginia.

Federal prosecutors said the personal data the alleged thieves used was filched in the massive OPM breach, which exposed sensitive data on over 20 million people.

However, Boyd explained to Warner that the attribution was not accurate. He said the investigation has yet to determine where the alleged fraudsters got their data.

The data they used, he said, shared commonalities with OPM data, and "several" of the victims in the credit union scam identified themselves as victims in the OPM breach. However, he said, investigators have not yet concluded where the data in the credit union case originated.

"Because the victims in this case had other things in common in terms of employment and location," Boyd said of the credit union investigation, "it is possible that their data came from another common source."

When the story broke, observers were at a loss to explain how data stolen in what is widely presumed to be a state-sponsored intelligence operation would have found its way into a small-time loan fraud operation. Investigators are still at work trying to determine what that source was, Boyd said.

Boyd also said the original June press release from the Attorney's Office for the Eastern District of Virginia that linked the OPM breach and credit union cases is being revised.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected