News

Actions

Cyberattack compromises up to four million government workers; feds think China is the culprit

Posted
and last updated

WASHINGTON — Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said.

U.S. officials believe this could be the biggest breach ever of the government’s computer networks. China called the allegation irresponsible.

The Office of Personnel Management, which is conducting background checks, warned it was urging potential victims to monitor their financial statements and get new credit reports.

The breach was initially thought to have impacted the Office of Personnel Management and the Department of Interior, But government officials said nearly every federal government agency was hit by the hackers.

An assessment continues, and it is possible millions more government employees may be affected.

U.S. investigators: We believe this was China’s work

U.S. investigators believe they can trace the breach to the Chinese government. Hackers working for the Chinese military are believed to be compiling a massive database of Americans, intelligence officials told CNN on Thursday night.

It is not clear what the purpose of the database is.

The Washington Post and Wall Street Journal first reported Thursday that Chinese hackers were responsible for the breach.

A spokesman from the Chinese Embassy in Washington objected late Thursday to allegations that the Chinese government may be behind the massive hack.

“Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive,” said Zhu Haiquan.

EINSTEIN detection system

Employees of the legislative and judicial branches and uniformed military personnel were not affected.

There are 2.7 million federal executive branch employees. It’s unclear whether this affected all of them, along with former employees, or only a portion of them.

The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to eventually unearth the information breach in April 2015, the Department of Homeland Security said.

A month later, the federal agency learned sensitive data had been compromised.

The FBI is investigating what led to the breach.

“We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.

The federal personnel office said “personally identifiable information” had been breached, though the office didn’t name who might be responsible.

Senator: The breach is ‘disturbing’

Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisconsin, called the breach “disturbing” and said the Office of Personnel Management needs to do a better job securing its information.

“It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees — and, if media reports are correct, that information could be in the hands of China,” Johnson said in a statement. “(The office) says it ‘has undertaken an aggressive effort to update its cybersecurity posture.’ Plainly, it must do a better job, especially given the sensitive nature of the information it holds.”

U.S. Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said hackers are one of the “greatest challenges we face on a daily bases.”

“It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” Schiff said in a statement. “That’s why the House moved forward on cybersecurity legislation earlier this year, and it’s my hope that this latest incident will spur the Senate to action.”