US believes China behind cybersecurity breach affecting at least 4M federal employees


Hackers based in China are believed to be behind a massive data breach that could have compromised the personal data of at least 4 million current and former federal employees, U.S. officials said late Thursday.

Sen. Susan Collins, R-Maine, a member of the Senate Intelligence Committee, told the Associated Press that investigators suspect the cyberattack was carried out by the Chinese. She said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”

If confirmed, the incident would be the second major breach by Beijing in less than a year. A spokesman for the Chinese Embassy in Washington called such accusations “not responsible and counterproductive.”

“Cyber attack is a global threat which could [sic] only be addressed by international cooperation based on mutual trust and mutual respect,” Zhu Haiquan said in a statement late Thursday. “We hope all countries in the world can work constructively together to address cyber security issues, push forward the formulation of international rules and norms in … cyberspace, in order to build a peaceful, secure, open and cooperative cyberspace.”

On Friday, a spokesman for China’s foreign ministry said the allegations were “irresponsible and unscientific.” Hong Lei said at a regularly scheduled news briefing that Beijing hoped that the U.S. would be “less suspicious and stop making any unverified allegations, but show more trust and participate more in cooperation.”

China routinely dismisses any allegation of its official involvement in cyberattacks on foreign targets, while invariably noting that it is often the target of hacking attacks and calling for greater international cooperation in combating cybercrime.

The Department of Homeland Security (DHS) issued a statement confirming the breach Thursday, saying that it had concluded at the beginning of May that data from the Office of Personnel Management (OPM) and the Interior Department had been compromised.

DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM’s systems and the Interior Department’s data center, which is shared by other federal agencies.

It was unclear why the EINSTEIN system didn’t detect the breach until after so many records had been copied and removed.

“DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,” the statement said.

The OPM, which acts as the human resources department for the federal government and conducts more than 90 percent of federal background checks, said in a statement that it detected a “cyber-intrusion” into its systems in April.

A well-placed intelligence source told Fox News that names, addresses and social security information were compromised, and that the breach involved an “advanced persistent threat” designed to harvest information covertly without crippling systems.

Sources told Fox News that the investigators were considering the possibility the attack was linked to another attack in October involving the White House. Fox News has also learned that the attack bears similarities to those carried out by nation-states, not by criminal syndicates.

The OPM announced Thursday that it was sending notifications to approximately 4 million individuals whose personally identifiable information (PII) may have been accessed. However, the agency acknowledged that more individuals could have been affected.

“Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary,” the agency said in a statement.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” OPM Director Katherine Archuleta said in a statement. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

The agency advised those affected to monitor their bank accounts for unusual activity, and to request a credit report along with other safeguards against fraud.

The Associated Press, which first reported the breach, cited officials saying that the breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen.

“This is an attack against the nation,” said Ken Ammon, chief strategy officer of software security company Xceedium, who added that the stolen information could be used to impersonate or blackmail federal employees with access to sensitive information.

The FBI said in a statement that it was working with interagency partners to investigate the breach, while the DHS said it was continuing to monitor federal networks for suspicious activity and was “working aggressively” to investigate the extent of the breach.

Responding to news of the breach, Congressman Adam Schiff, D-Calif., called on the Senate to pass cybersecurity legislation that the House had passed earlier in the year.

“This bill will not be a panacea for the broad cyber threats we face, but it is one important piece of armor in our defenses that must be put in place – now,” Schiff said.

In November, a former Department of Homeland Security official disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.

The Associated Press and Fox News’ Catherine Herridge, Matt Dean, and Constance McDonough contributed to this report.