The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency. The two different hackers who gained access to the system went by the names "Tony Stark," and "Steve Rogers," (in reference to the Marvel superheroes), using these names on the email address handles they used to gain access.

In June 2015, OPM announced that it had been the target of a data breach targeting personnel records. Approximately 22.1 million records were affected, including records related to government employees, other people who had undergone background checks, and their friends and family. One of the largest breaches of government data in U.S. history, information that was obtained and exfiltrated in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. State-sponsored hackers working on behalf of the Chinese government carried out the attack.

The data breach consisted of two separate, but linked, attacks. It is unclear when the first attack occurred but the second attack happened on May 7, 2014, when attackers posed as an employee of KeyPoint Government Solutions, a subcontracting company. The first attack was discovered March 20, 2014, but the second attack was not discovered until April 15, 2015. In the aftermath of the event, Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour, resigned.

The first breach, named "X1" by the Department of Homeland Security (DHS), was discovered March 20, 2014 when a third party notified DHS of data exfiltration from OPM's network.

With regards to the second breach, named "X2", the New York Times had reported that the infiltration was discovered using United States Computer Emergency Readiness Team (US-CERT)'s Einstein intrusion-detection program. However, the Wall Street Journal, Wired, Ars Technica, and Fortune later reported that it was unclear how the breach was discovered. They reported that it may have been a product demonstration of CyFIR, a commercial forensic product from a Manassas, Virginia security company CyTech Services that uncovered the infiltration. These reports were subsequently discussed by CyTech Services in a press release issued by the company on June 15, 2015 to clarify contradictions made by OPM spokesman Sam Schumach in a later edit of the Fortune article. However, it was not CyTech Services that uncovered the infiltration; rather, it was detected by OPM personnel using a software product of vendor Cylance. Ultimately, the conclusive House of Representatives' Majority Staff Report on the OPM breach discovered no evidence suggesting that CyTech Services knew of Cylance's involvement or had prior knowledge of an existing breach at the time of its product demonstration, leading to the finding that both tools independently "discovered" the malicious code running on the OPM network.

The data breach compromised highly sensitive 127-page Standard Form 86 (SF 86) (Questionnaire for National Security Positions). SF-86 forms contain information about family members, college roommates, foreign contacts, and psychological information. Initially, OPM stated that family members' names were not compromised, but the OPM subsequently confirmed that investigators had "a high degree of confidence that OPM systems containing information related to the background investigations of current, former, and prospective federal government employees, to include U.S. military personnel, and those for whom a federal background investigation was conducted, may have been exfiltrated." The Central Intelligence Agency, however, does not use the OPM system; therefore, it may not have been affected.

J. David Cox, president of the American Federation of Government Employees, wrote in a letter to OPM director Katherine Archuleta that, based on the incomplete information that the AFGE had received from OPM, "We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees." Cox stated that the AFGE believes that the breach compromised military records, veterans' status information, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, and data on age, gender, and race.

The stolen data included 5.6 million sets of fingerprints. Biometrics expert Ramesh Kesanupalli said that because of this, secret agents were no longer safe, as they could be identified by their fingerprints, even if their names had been changed.