The United States Office of Personnel Management announced that hackers were able to compromise over four million current and former federal employees personal information, where the attack is believed to have originated in China, American officials reported Thursday.
The Department of Homeland Security (DHS) issued a statement that personal information from the Office of Personnel Management and the Interior Department, who shares network information with nearly every agency, has been compromised in the federal hacking. The federal agency who acts as the human resources department for the federal government, and performs background checks and security clearances warned potential victims to monitor their financial statements and get updated credit reports.
Affected personnel have been offered a free 18 month credit and identity monitoring service, something federal officials have urged affected personnel to take advantage of.
Federal officials believe the breach could be the largest breach of government computer networks to date, as it didn’t just plague one sector. Hackers breached the Office of Personnel Management, the Department of Interior, alongside nearly every federal government agency, officials told CNN. One question is whether sensitive intelligence information was compromised in the breach.
Currently, the United States government believes the breach can be traced back to the Chinese government, but as the investigation is ongoing, millions of additional government employees may be affected.
A spokesperson for the Chinese Embassy located in Washington called officials accusations “not responsible and counterproductive.”
“Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify,” spokesman Zhu Haiquan said Thursday night in the Chinese embassy. Adding the hacking can “only be addressed by international cooperation based on mutual trust and mutual respect.”
According to federal intelligence officials speculation, China’s hacker army is allegedly working on compiling a massive database of Americans information. The purpose for the database is not clear, but China withholding personal information on millions of Americans could be critical intelligence.
Investigators thus far have confirmed that employees in the legislative and judicial branches alongside uniformed military personnel are not affected in the federal government breach.
The federal execute branch currently employs over 2.7 million federal workers, however, currently the scope of the attack is unclear as former employee information could possibly be at risk as well.
Federal employees learned of the data breach after the office began to strengthen its cybersecurity measures. DHS officials said their intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, said the system identified the breach at the data centers shared among several federal agencies.
It is unclear why EINSTEIN was unable to detect and stop the breach before hackers were able to compromise millions of documents.
“DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion,” the agency said in a statement.
Officials became aware of the attack only one month after defenses were upgraded, that’s the federal agency learned sensitive information from multiple federal branches had been accessed. Currently, the federal branch is cooperating with the Federal Bureau of Investigation (FBI) to learn what led to the attack.
“We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.
The federal personnel office said “personally identifiable information” could have possibly been breached, though the office is currently unaware who is responsible for the record breaking attack.
Ron Johnson, Senate Homeland Security and Government affairs chairman said the breach is “disturbing” and the office needs to do a better job at securing their information.
“It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees — and, if media reports are correct, that information could be in the hands of China,” Johnson said speaking on the recent attacks. “(The office) says it ‘has undertaken an aggressive effort to update its cybersecurity posture.’ Plainly, it must do a better job, especially given the sensitive nature of the information it holds.”
Government agencies cybersecurity measures are in a tail spin, just as the IRS was hacked. exposing over 100,000 Americans information. Now the federal government may be dealing with a wide spread breach that affected all government sectors.