China based hackers hack into US federal computer servers and steal personal identifiable information of 4 million US federal employees
China-based hackers broke into the computer networks of the U.S. government personnel office and stole vital information of at least 4 million federal workers, American officials said Thursday. The stolen information contains personal identifiable information, social security numbers, job assignments, performance ratings and training information.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management (OPM) and the Interior Department had been compromised.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
According the Sen. Susan Collins, a Maine Republican senator, the hackers are based in China. Collins said that the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
The hackers apparently used a “zero-day” vulnerability in the federal computer system, according to the Washington Post.
Though US based sources blamed China for this hack attack, China has denied any hand in the hacking. The Chinese Embassy in Washington said Thursday night that jumping to conclusions was “not responsible, and counterproductive.” In a statement, embassy spokesman Zhu Haiquan said China had made great efforts to combat cyberattacks and that tracking such events conducted across borders was difficult. He added that, “Jumping to conclusions and making hypothetical accusation is not responsible, and counterproductive.”
In April, a Pentagon report said hackers associated with the Chinese government repeatedly targeted U.S. military networks last year seeking intelligence.
On Thursday, a statement from the Department of Homeland Security said “The U.S. Office of Personnel Management has identified a cyber security incident potentially affecting personnel data for current and former federal employees, including personally identifiable information (PII). As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised.”
Additionally, OPM advised affected staff to monitor their financial account statements and report any suspicious activity to financial institutions.
According to Washington Post, the Office of Personnel Management discovered the breach in April 2015. The hackers accessed Social Security numbers, job assignments, performance ratings and training information, however, the exact method of how the hackers exfiltrated the records is not known.
A U.S. official who declined to be identified said the data breach could potentially affect every federal agency and its employees. The largest Union of Federal employees also said that the breach was unacceptable and US government should reveal all information about it. “AFGE will demand accountability,” American Federation of Government Employees President J. David Cox Sr. said in a statement.