Hackers breached the computers of the United States government, U.S. officials said on Thursday. The federal agency that collects personal information for federal workers was compromised in a massive cyberattack. Information about 4 million current and former employees housed by the Office of Personnel Management (OPM) was accessed, according to Reuters.
A foreign entity or government is believed to be behind the attack, a source told Reuters. An anonymous source told Reuters that the cyberattack originated from outside the United States, but would neither confirm nor deny that the offending country was China. The United States has long raised concerns about cyber-spying from Beijing, but China has continued to deny any accusations.
"China is not a monolith," a federal official told Politico. "There are many different things that can be Chinese. You may be seeing something where we're not going to be pointing the finger [in public], because we don't have an indictment to lay down."
"It could be that some underworld actors are being contracted by government actor," the official added.
The Federal Bureau of Investigation has launched an investigation and said it will hold the guilty parties responsible. "The FBI is working with our interagency partners to investigate this matter," the bureau said in a statement. "We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace."
OPM first detected malicious activity in April and the Department of Homeland Security concluded in May that OPM's data had been compromised, according to Reuters. The agency said it will inform the parties affected, offer credit moitoring and identity theft counseling.
"Certainly, OPM is a high value target," said OPM Chief Information Officer Donna Seymour, according to the Washington Post. "We have a lot of information about people, and that is something that our adversaries want."
This isn't the first time OPM or other federal governmental agencies, like the Post Office and the White house, have faced a cyber-intrusion. "The last few months have seen a series of massive data breaches that have affected millions of Americans," U.S. Rep. Adam Schiff (D-CA), the ranking Democrat on the House Permanent Select Committee on Intelligence, said in a statement. Schiff called the OPM attack, "among the most shocking because Americans may expect that federal computer networks are maintained with state of the art defenses."
"It's clear that a substantial improvement in our cyber databases and defenses is perilously overdue," he added.
Another committee member agrees. "Today's reported breach is part of a troubling pattern by this agency in failing to secure the personal data of federal employees - the second major breach in a year," said Sen. Mark Warner (D-Va.), according to Politico. "Cyberattacks present a critical threat to our national security and our economy. We cannot afford to keep dragging our feet in addressing the escalating threats posed by hackers out to steal individuals' personal information."
After the March 2014 attack on OPM, the agency implemented, "an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks," Seymour said. "As a result of adding these tools, we were able to detect this intrusion into our networks."
"In an average month, OPM thwarts almost 2.5 billion confirmed attempts to hack its network," Seymour told the House Oversight and Government Reform Committee in April. "These attacks will not stop. If anything, they will increase."