Data stolen from US government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, US officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
The breach of computer systems of the Office of Personnel Management was disclosed on Thursday by the Obama administration, which said records of up to 4 million current and former federal employees may have been compromised.
Accusations by US government sources of a Chinese role, including possible state sponsorship, in the cyber attack could further strain ties between Washington and Beijing. Tensions are already heightened over Chinese assertiveness in pursuit of territorial claims in the South China Sea.
Several US officials, who requested anonymity, said the hackers were believed to have been based in China but that it was not yet known if the Chinese government or criminal elements were involved.
Another US official said the breach was being investigated as a matter of national security.
The cyber attack was among the most extensive thefts of information on the federal work force, and one US defense official said it was clearly aimed at gaining valuable information for intelligence purposes.
"This is deep. The data goes back to 1985," a US official said. "This means that they potentially have information about retirees, and they could know what they did after leaving government."
Access to data from OPM's computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with
Information about weapons systems, the official said.
"That could give them a huge advantage," the official said.
Investigators have linked the OPM breach to earlier thefts of personal data from millions of records at Anthem Inc, the second largest US health insurer, and Premera Blue Cross, a healthcare services provider.
It was the second computer break-in in less than a year at OPM, the federal government's personnel office, and the latest in a string of cyber attacks on US agencies, some of which have been blamed on Chinese hackers.
A Chinese Foreign Ministry spokesman said such accusations had been frequent of late and were irresponsible. Hacking attacks were often cross-border and hard to trace, he said.
White House spokesman Josh Earnest said, "It's not clear who the perpetrators are," but he noted that President Barack Obama and his aides regularly raise with their Chinese counterparts concerns about Chinese behavior in cyberspace.
Disclosure of the latest computer breach comes ahead of the annual US-China Strategic and Economic Dialogue scheduled for June 22-24 in Washington, D.C. Cyber security was already expected to be high on the agenda.
US officials said the talks would proceed as scheduled, as would Obama's plans to host Chinese President Xi Jinping on a state visit to Washington in the fall.
FBI probe under way
The Federal Bureau of Investigation has launched a probe of the OPM attack, and vowed that it would bring to account those responsible for the hacking.
OPM detected new malicious activity affecting its information systems in April and the Department of Homeland Security (DHS) said it concluded early in May that OPM's data had been compromised and about 4 million workers may have been affected.
Hackers hit OPM's IT systems and its data stored at the Department of the Interior's data center, a shared service center for federal agencies, a DHS official said on condition of anonymity.
Chinese hackers were blamed for penetrating OPM's computer networks last year, and hackers appeared to have targeted files on tens of thousands of employees who had applied for top-secret security clearances, the New York Times reported last July, citing unnamed US officials.
Recommended reading:
China in focus as cyber attack hits millions of US federal workers
James Lewis, a cyber security expert at the Center for Strategic and International Studies think tank, said the administration's disclosure of the hacking could be a signal to China of Washington's plan to push hard on cyber issues at this month's talks.
"The Chinese have been saying privately, and somewhat in public, that we want the summit to go really well. 'Let's not talk about espionage. Let's talk about how we can work together'," said Lewis, a former State Department official.
"This might be a US response to that: 'No, we are going to talk about espionage.'"
He suggested it might also be a way of telling the Chinese that part of the cost of their conduct in the South China Sea, where Beijing is carrying out land reclamation on tiny islands and reefs, will be a tense round of meetings in Washington.
House memo says US agency knows types of data exposed to hackers
The US Office of Personnel Management knows what types of data were exposed to hackers who broke into government computers but not what data was actually taken, a US House of Representatives memo said on Friday.
The memo was sent to all House staff by Chief Administrative Officer Ed Cassidy, and was obtained by Reuters. Cassidy's office provides support services to the House, including cyber-security services.
Share
