Millions of US government workers hit by data breach

  • Published
Media caption,

A member of the Senate Intelligence Committee has said Chinese hackers were behind the attack.

Chinese hackers are suspected of carrying out a "massive breach" of the personal data of nearly four million US government workers, officials said.

The Office of Personnel Management (OPM) confirmed that both current and past employees had been affected.

The breach could potentially affect every federal agency, officials said.

US officials said the hackers were believed to be based in China. Beijing responded by calling such claims "irresponsible".

OPM said it became aware of the breach in April, external during an "aggressive effort" to update its cyber security systems.

It said it would be contacting all those individuals whose personal data may have been breached in the coming weeks, and offering them 18 months of free credit monitoring and identity theft insurance.

OPM serves as the human resource department for the federal government. The agency issues security clearances and compiles records of all federal government employees.

Information stored on OPM databases includes employee job assignments, performance reviews and training, according to officials.

The breach did not involve background checks and clearance investigations, officials said.

China military unit 'behind prolific hacking'

Sony Pictures hack: Whodunnit?

Analysis by Tom Bateman, BBC News, Washington

It is the scale of what the OPM calls a "cyber intrusion" in April this year that is breathtaking - the records of four million former and current government employees may have been breached.

The agency is contacting all of those potentially affected, offering to insure them against identity fraud. Of even greater concern may be the fact that security clearance information on government officials could have been targeted.

US officials are only too aware of the real damage caused by such virtual threats. In the past year, a growing number of government agencies and companies - most notoriously Sony Pictures - have fallen victim to such attacks.

Susan Collins, a member of the Senate Intelligence Committee, said the hackers were believed to be based in China.

She called the breach "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances".

But China denied there was any official involvement in the attack.

"Cyber attacks are generally anonymous and conducted across borders and their origins are hard to trace," foreign ministry spokesman Hong Lei said at a regular briefing.

"Not to carry out a deep investigation and keep using words such as 'possible' is irresponsible and unscientific."

Image source, Getty Images
Image caption,

Senator Susan Collins said the hackers were believed to be based in China

Previous hack attacks on US government

  • In November 2014 a hack compromised files belonging to 25,000 employees of the Department of Homeland Security, as well as thousands of other federal workers

  • In March 2014 hackers breached OPM networks, targeting government staff with security clearance, but the attempt was blocked before any data was stolen. The intrusion was traced to China

  • In 2006, hackers believed to be based in China breached the system of a sensitive bureau in the US Department of Commerce. Hundreds of workstations had to be replaced

The FBI and the Department of Homeland Security are investigating the latest breach.

Ken Ammon, chief strategy officer of Xceedium - a cyber security firm - warned that the hacked data could be used to impersonate or blackmail federal employees with access to sensitive information.

Congressman Adam Schiff has called for cyber databases to be upgraded.

Americans "expect that federal computer networks are maintained with state of the art defences", Mr Schiff said.

"The cyber threat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it's clear that a substantial improvement in our cyber databases and defences is perilously overdue."

Are you a current or former employee of the Office of Personnel Management? Have you been contacted by the agency? You can share your experience by emailing haveyoursay@bbc.co.uk, external.

If you would be happy to speak further to a BBC journalist, please include a contact telephone number when emailing us your details.