Authorities used a detection system called EINSTEIN to dig deeper into what information was compromised. Within a month it was discovered that sensitive data was compromised. *Date an approximation. Detection occured in the month of April, 2015.

In May, a month after authorities began using EINSTEIN, the system revealed that sensitive data had been compromised. *Date an approximation. Reveal happened a month after EINSTEIN initially deployed.

The breach, thought to have been an cyberattack from the Chinese, compromised some 4 million personally identifiable records.
US faces what may be largest gov. security breach, China suspected

The second breach was throught to affect anyone given a government background check in the last 15 years.
Nearly 22 million affected by latest OPM data breach

Katherine Archuleta, Director of Personnel Agency, resigns after reports that the second data breach has affected over 22 million people.
Nearly 22 million affected by latest OPM data breach

The audit revealed a huge lack in basic security measurs, including basic multi-factor authentication.
Wall Street Journal Article