Chinese breach data of 4 million federal workers
Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.
“Certainly, OPM is a high-value target,” Donna Seymour, the agency’s chief information officer, said in an interview. “We have a lot of information about people, and that is something that our adversaries want.”
The personal information exposed could be useful in crafting “spear-phishing” e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.
After the earlier breach discovered in March 2014, the OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”
By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said. OPM officials declined to comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.
“There is no current activity,” an official said. But Chinese hackers frequently try repeat intrusions.
Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and the Department of Homeland Security.
A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that the OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.
FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.
“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”
Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.
“This latest intrusion . . . is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”
Colleen M. Kelley, president of the nation’s second-largest federal worker union, the National Treasury Employees Union, said her organization “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” she said.
“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.