Hackers based in China may have obtained personnel data on as many as 4 million federal employees in a large-scale cyberattack uncovered this spring, administration officials confirmed Thursday.
Investigators discovered signs of the attack in April while in the process of updating security on government computers, senior administration officials said.
An editorial published by the Chinese state-run news agency on Friday called the accusations linking Chinese hackers to the attack "baseless" and said it was "obviously another case of Washington's habitual slander against Beijing on cyber security."
The intrusion appeared to have come before the adoption of tougher security controls this spring, officials said. Since uncovering the breach, the federal Office of Personnel Management, which was targeted in the attack, has been working to lock down its system, restricting remote access for network administrators and reviewing all connections to make sure they’re open only to those with legitimate business.
The agency's information technology system holds data on current and former employees and U.S. government contractors.
As the FBI and the Department of Homeland Security work to determine the full effect of the breach, the personnel office has been notifying millions of people that some of their personal information may have been stolen.
“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” agency director Katherine Archuleta said in a written statement late Thursday.
“We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
Besides notifying people who have been affected, Archuleta’s office is also offering credit report checks and monitoring as well as identity theft insurance for federal workers.
The latest incident appears to be the second time that hackers have penetrated the networks of the personnel office, the repository of personal information for the vast number of U.S. government employees. Law enforcement officials uncovered signs of an attack this spring that hit not only that information but also that of the Government Printing Office and Government Accountability Office.
Responding to a rash of computer security problems earlier this year, which included the North Korean cyberattack on Sony Pictures, President Obama in April ordered sanctions on hackers who destroy or pilfer data from computer networks used by the U.S. government and American businesses.
The penalties, which include economic and travel sanctions, were meant to deter costly attacks launched from abroad against U.S. targets.
Separately, the White House declined to comment on a New York Times report that in 2012 the administration had expanded the National Security Agency’s surveillance of international Internet traffic to search for evidence of computer hacking.
The newspaper reported that the Justice Department wrote two classified memos in 2012 that authorized the spy agency to begin searching Internet cables for data linked to computer intrusions launched from abroad. The new authority would allow the agency to monitor only patterns associated with computer intrusions that could be tied to foreign governments, the report said.
Though he would not confirm any new directives, White House Press Secretary Josh Earnest noted that the Foreign Intelligence Surveillance Act does allow investigators to target foreign citizens outside the U.S. in order to acquire foreign intelligence.
“That is a tool that our national security professionals have found to be valuable in protecting the country from a variety of threats, particularly cyber threats,” Earnest said. “And this administration remains committed to being vigilant about the ever-evolving threat that we face in cyberspace.”
Staff writer Julie Makinen contributed to this report.
For more on the White House follow @cparsons.