Hack exposes personal data of 4 million federal workers

The FBI says it's probing a data breach at the US agency responsible for conducting security clearance background checks.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Officials suspect hackers gained the personal data of 4 million current and former federal employees. Image by Dennis Skley, CC BY-ND 2.0

A cyberattack on the US government's personnel office compromised the data of up to 4 million current and former federal employees, officials said Thursday.

The FBI said it is investigating a hack of network security at the Office of Personnel Management. Federal officials suspect Chinese hackers are behind the data breach, believed to be the largest in a recent wave of attacks targeting federal agencies, according to The Wall Street Journal.

"The FBI is working with our interagency partners to investigate this matter," the FBI said in a statement. "We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace."

The Chinese consulate in San Francisco did not immediately respond to a request for comment.

Investigators told the Journal that the hack, detected in April, is believed to be separate from an attack detected last year. The New York Times reported last year that Chinese hackers worked their way into US government servers in March 2014 in an attempt to steal information on thousands of federal employees with top-secret clearance.

Computer hacking is a sore subject between the US and China. Both countries have publicly accused each other of breaking in to servers to steal information.

In May 2014, the US Justice Department filed charges against five alleged Chinese military hackers. They are charged with hacking American corporations and stealing information. China has denied the allegations.

The security breach is the latest in a recent wave of cyberattacks that have targeted government agencies and that are suspected of originating overseas. After a security breach of an unclassified network used by White House advisers was revealed last year, suspicion immediately fell on hackers thought to be working for the Russian government.

The National Oceanic and Atmospheric Administration, which includes the National Weather Service, also revealed last year that four of its websites were compromised by an "Internet-sourced attack." Chinese government hackers were suspected in that attack, as well as one on the US Postal Service, in which data for more than 800,000 employees was compromised.

The Office of Personnel Management is the federal government's human resources department, responsible for conducting the majority of the government's background checks for security clearances, among other responsibilities. The agency said it detected the intrusion in April and has since added additional security defenses to its network.

"The intrusion predated the adoption of the tougher security controls," the OPM said in a statement.

The OPM also said it plans to notify approximately 4 million individuals whose personally identifiable information may have been compromised in the breach. The agency also warned that additional exposure of personal information may still come to light.

"We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted," OPM Director Katherine Archuleta said in a statement.