UPDATE: A spokesman from the Chinese Embassy in Washington objected to U.S. government allegations that a massive hack on U.S. government employee data originated from China.
“Cyberattacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive,” said Zhu Haiquan.
“Cyberattack is a global threat which could only be addressed by international cooperation based on mutual trust and mutual respect,” he said.
WASHINGTON (CNN) — As many as four million current and former federal employees may have had their personal information hacked, the Office of Personnel Management said on Thursday.
The agency, which is conducts background checks, warned it was urging potential victims to monitor their financial statements and obtain new credit reports.
U.S. officials believe this could be the biggest breach ever of the government’s computer networks.
The breach is beyond the Office of Personnel Management and Department of Interior, with nearly every federal government agency hit by the hackers, government officials said.
An assessment continues and it is possible millions more government employees may be impacted.
American investigators believe they can trace the breach to the Chinese government. Hackers working for the Chinese military are believed to be compiling a massive database of Americans, intelligence officials told CNN on Thursday night.
It is not clear what the purpose of the database is.
Employees of the legislative and judicial branches, and uniformed military personnel, were not affected.
There are currently 2.7 million federal executive branch employees — it’s unclear if this affected every single one (plus former employees), or only a portion.
The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to eventually unearth the information breach in April 2015, the Department of Homeland Security said. A month later, the federal agency learned sensitive data had been compromised.
The federal agency learned of the breach in April 2015, the Department of Homeland Security said in a statement Thursday. A month later, the federal agency learned data had been compromised.
The FBI is now investigating what exactly led to the breach.
“We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.
The federal personnel office said “personally identifiable information” had been breached, though didn’t name who might be responsible.
The Washington Post and Wall Street Journal first reported Thursday that Chinese hackers were responsible for the breach.
Senate Homeland Security and Governmental Affairs Chairman Ron Johnson, R-Wisconsin, called the breach “disturbing” and said the Office of Personnel Management needs to do a better job securing its information.
“It is disturbing to learn that hackers could have sensitive personal information on a huge number of current and former federal employees — and, if media reports are correct, that information could be in the hands of China,” Johnson said in a statement. “(The office) says it ‘has undertaken an aggressive effort to update its cybersecurity posture.’ Plainly, it must do a better job, especially given the sensitive nature of the information it holds.”
California Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, said hackers are one of the “greatest challenges we face on a daily bases.”
“It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” Schiff said in a statement. “That’s why the House moved forward on cybersecurity legislation earlier this year, and it’s my hope that this latest incident will spur the Senate to action.”
Russia is believed to have been responsible for a separate data breach earlier this week that made 100,000 Americans’ tax returns vulnerable to criminals, when the Internal Revenue Service was attacked.
CNN’s Evan Perez and Jim Sciutto contributed to this report.