Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Witnesses appear before a House hearing on the OPM breach. Photo: Mark Wilson/Getty Images
In a reply to Senator Mark Warner's (D-VA) email attempting to cut through confusion, the Department of Justice said its June 18 press release, implying a Maryland woman somehow accessed data from the 2015 Office of Personnel Management breach, was a "regrettabl[e] ... premature conclusion."
Why it matters: The U.S. publicly accused Chinese spies of the massive breach in 2015, and arrested a Chinese national for his involvement. But a badly worded June 18 press release made it sound like 39-year-old Maryland resident Karvia Cross somehow had access to that data when she fraudulently applied for loans in the names of several OPM victims. The two stories seem incompatible — Chinese espionage wouldn't normally result in an American committing fraud.
"Because the victims in this case had other things in common in terms of employment and location, it is possible that their data came from another common source."— The DOJ to Sen. Warner
What the letter says: "A number of the victims of this scheme identified themselves to the Department of Justice as victims of the OPM data breach. However, at present, the investigation has not determined precisely how their identity information used in this case was obtained and whether it can, in fact, be sourced directly to the OPM data breach."
What's new here: The DOJ already tried to clean up the press release debacle by removing all reference to OPM from an updated press release, but had not suggested that Cross used alternate methods to access the same information, including alternate lists of employer or residential data from different, but overlapping, lists.
Axios's Codebook newsletter mentioned this was a possibility last week.
Editor's note: This story has been corrected to fix an inadvertent transcription error that led us to omit the word "not" from the Department of Justice quotation.