The Obama administration was scrambling Friday to contain the damage from a massive cyber-breach which may have put the entire federal workforce at risk, as officials began to point the finger at China-based hackers.
The Department of Homeland Security issued a statement confirming the breach, saying that it had concluded at the beginning of May that data from the Office of Personnel Management (OPM) and the Interior Department had been compromised.
OPM serves as the human resources department for the federal government. The agency said it would reach out to roughly 4 million individuals who could have been “compromised,” while acknowledging more could be affected. An investigation involving the FBI and a DHS team is underway to determine the “full impact” to federal workers.
As for the millions already flagged as potentially affected, the government is offering them credit report access, as well as credit monitoring and identity theft insurance.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” OPM Director Katherine Archuleta said in a statement. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
Lawmakers pointed to the breach in reviving concerns about government safeguards against such attacks.
“I fear the massive data breach at the Office of Personnel Management may turn out to be yet another example of America being walked over by rivals and adversaries,” Sen. Lindsey Graham, R-S.C., a presidential candidate, said in a statement, warning that a “cyber ‘Pearl Harbor’ is increasingly more likely if we do not invest in the necessary infrastructure to protect our nation.”
So far, Fox News is told it does not appear the breach has affected House or Senate computer systems, though some congressional aides applying for security clearances may have been affected — as their materials would have been processed by OPM.
On Friday, White House Press Secretary Josh Earnest said no conclusions have been reached about who was behind the cyberattack. He stressed it’s still under investigation, and noted the government might never publicly disclose who it suspects is responsible.
“I can’t guarantee, necessarily, that our law enforcement professionals will assess that making that information public is in the best interest of the investigation,” Earnest said.
He also said the government is now accelerating the roll-out of the next generation of its intrusion-detection system. It had been scheduled for 2018 and now should be implemented across all federal civilian agencies next year, Earnest said.
Despite Earnest’s comments, officials are said to be looking at the possibility of hackers based in China. Sen. Susan Collins, R-Maine, a member of the Senate Intelligence Committee, told the Associated Press that investigators suspect the cyberattack was carried out by the Chinese.
She said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
If confirmed, the incident would be the second major breach by Beijing in less than a year.
Fox News has also learned through cyber-intelligence firm iSight Partners that the malware signatures attached to the OPM data breach link the attack to the same cyber espionage group that is responsible for penetrating the Anthem health insurance network.
While iSight couldn’t directly attribute this attack to China, analysis of the Anthem attack has led investigators to believe it’s the work of Chinese hackers.
A spokesman for the Chinese Embassy in Washington called any such accusations “not responsible and counterproductive.”
“Cyber attack is a global threat which could [sic] only be addressed by international cooperation based on mutual trust and mutual respect,” Zhu Haiquan said in a statement late Thursday. “We hope all countries in the world can work constructively together to address cyber security issues, push forward the formulation of international rules and norms in … cyberspace, in order to build a peaceful, secure, open and cooperative cyberspace.”
On Friday, a spokesman for China’s foreign ministry said the allegations were “irresponsible and unscientific.” Hong Lei said at a regularly scheduled news briefing that Beijing hoped that the U.S. would be “less suspicious and stop making any unverified allegations, but show more trust and participate more in cooperation.”
China routinely dismisses any allegation of its official involvement in cyberattacks on foreign targets, while invariably noting that it is often the target of hacking attacks and calling for greater international cooperation in combating cybercrime.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, detected the hack of OPM’s systems and of the Interior Department’s data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn’t detect the breach until after so many records had been copied and removed.
“DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,” the statement said.
A well-placed intelligence source told Fox News that names, addresses and social security information were compromised, and that the breach involved an “advanced persistent threat” designed to harvest information covertly without crippling systems.
Sources told Fox News that the investigators were considering the possibility the attack was linked to another attack in October involving the White House. Fox News has also learned that the attack bears similarities to those carried out by nation-states, not by criminal syndicates.
The Associated Press, which first reported the breach, cited officials saying that the breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen.
“This is an attack against the nation,” said Ken Ammon, chief strategy officer of software security company Xceedium, who added that the stolen information could be used to impersonate or blackmail federal employees with access to sensitive information.
Fox News’ Catherine Herridge, Chad Pergram and Matt Dean, and The Associated Press contributed to this report.