US govt agency hacked, 4 million federal workers affected
Hackers breached the system of the US government agency responsible for gathering personnel information on federal employees and granting security clearances, potentially affecting the data of 4 million people, officials said.
It is not known who is responsible for the breach, but officials told Reuters that a foreign government or entity is to blame. The Washington Post and Wall Street Journal cited unnamed government officials who blamed Chinese hackers.
Sen. Susan Collins (R-Maine) also said Chinese hackers are believed to be behind the attack, according to the Associated Press.
The Chinese Embassy in the US has called the accusations against Chinese hackers “hypothetical” and irresponsible.
"Jumping to conclusions and making a hypothetical accusation is not responsible" and is "counterproductive," the embassy’s spokesman, Zhu Haiquan, said in reply to a Reuters inquiry, adding that it is difficult to track hacker activity across borders. China is applying great efforts to combat cyber-attacks, Zhu said.
The security breach was revealed Thursday by the US Office of Personnel Management (OPM), which is also the affected agency. However, the attack itself occurred in April.
In a press release, OPM said it will contact roughly 4 million people whose personally identifiable information may have been compromised.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta in a statement. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
An unnamed US official told the Associated Press that the hack could potentially affect every federal agency.
Striking the OPM is particularly notable, since the department is responsible for more than 90 percent of all federal background checks, the AP reported.
According to the Washington Post, the attackers may have accessed information such as peoples' job assignments, work evaluations. and training.
“Certainly, OPM is a high value target,” said OPM Chief Information Officer Donna Seymour to the newspaper. “We have a lot of information about people, and that is something that our adversaries want.”
Following reports of officials blaming Beijing for the attack, the Chinese Embassy in Washington said the US should not be "jumping to conclusions."
"Jumping to conclusions and making hypothetical accusation is not responsible, and counterproductive," ebmassy spokesman Zhu Haiquansaid in an email to Reuters.
Meanwhile, the FBI announced it is looking into the situation.
"The FBI is working with our interagency partners to investigate this matter," it said in a statement. "We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace."
Since the attack, OPM said it has implemented new security measures, such as restricting access and powers of remote administrators, and utilizing anti-malware software for further protection. A review of all connections to the network was also initiated.