WASHINGTON, (Reuters) – Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said yesterday, underlining the scope of one of the largest known cyber attacks on federal networks.
The breach of computer systems of the Office of Personnel Management was disclosed on Thursday by the Obama administration, which said records of up to 4 million current and former federal employees may have been compromised.
Accusations by U.S. government sources of a Chinese role in the cyber attack, including possible state sponsorship, could further strain ties between Washington and Beijing. Tensions are already heightened over Chinese assertiveness in pursuit of territorial claims in the South China Sea.
The hacking also raises questions about how the United States would respond if it confirmed that the Chinese government was behind it.
Several U.S. officials, who requested anonymity, said the hackers were believed to have been based in China but that it was not yet known if the Chinese government or criminal elements were involved.
Another U.S. official said the breach was being investigated as a matter of national security, meaning it may have originated from a foreign government.
The cyber attack was among the most extensive thefts of information on the federal work force, and one U.S. defense official said it was clearly aimed at gaining valuable information for intelligence purposes.
“This is deep. The data goes back to 1985,” a U.S. official said. “This means that they potentially have information about retirees, and they could know what they did after leaving government.”
Access to data from OPM’s computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with information about weapons systems, the official said.
“That could give them a huge advantage,” the official said.
According to a U.S. House of Representatives memo seen by Reuters, OPM knows what types of data were exposed to the hackers but not what data was taken. The memo was sent to House staff by Chief Administrative Officer Ed Cassidy, whose office provides support services to the House, including cyber security services.
In addition, the State Department said in a memo to its employees that most of them had not been exposed to the breach because their data was not housed on the hacked OPM systems. Only those who had previously been employed by another federal agency may have been exposed, it said.
Investigators have linked the OPM breach to earlier thefts of personal data from millions of records at Anthem Inc , the second largest U.S. health insurer, and Premera Blue Cross, a healthcare services provider.