In 2015, hackers breached the US Office of Personnel Management (OPM) systems and stole sensitive personal and background check information on millions of US government employees and contractors. The stolen data included fingerprints, personal details, and potentially compromising information from SF-86 forms. Reports after the attack found that OPM had security gaps and an ineffective response that could have minimized the breach if addressed properly. This document provides instructions to review reports on the OPM breach and assess its incident response based on NIST guidelines. Students are asked to evaluate one stage of the incident response process - identification, containment, eradication, recovery or lessons learned - and discuss what went well and what was not handled properly. They should also briefly assess