A pervasive security breach at a U.S. government agency has compromised the personnel data of at least 4 million current and former government employees.
The Washington Post reported that data from the U.S. Office of Personnel Management (OPM), which was being stored at the Interior Department, was targeted by hackers late last year. The breach was discovered in April and confirmed in May. Government officials acknowledged that the data included personally identifiable information of government workers.
U.S. officials have blamed the most recently reported attack on China, an accusation quickly denied by Chinese officials. “We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source,” foreign ministry spokesman Hong Lei said on Friday. “It’s irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation.”
China had been blamed by the U.S. for a separate cyber attack in March 2014 which had targeted an OPM system containing information about federal employees applying for clearances, including data regarding employee finances and information about family members.
The OPM said in a statement that following the latest intrusion, OPM has implemented more “network security precautions,” including “restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”
“As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised. Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary,” read the statement. The OPM will begin notifying affected employees, and noted that there is a possibility of additional data exposure being discovered as the investigation continues.
U.S. Rep. Adam Schiff (D- Calif.), a member of the House select intelligence committee, expressed concern over a “series of massive data breaches” occurring in the past several months and said that “It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”