clock menu more-arrow no yes mobile

Filed under:

Chinese hackers breach database of all US government employees

New, 24 comments

The Office of Personnel Management holds records on security clearances

In March, Chinese hackers successfully infiltrated the Office of Personnel Management, which holds personnel records for all US government employees, the New York Times reports. The hack was apparently an attempt to gather data on the tens of thousands of employees who've applied for government security clearances.

The DHS told the Times it had not "identified any loss of personally identifiable information"

The Department of Homeland Security, which detected the breach, told the Times it had not "identified any loss of personally identifiable information," although it's still unclear if any other information was lost. The government isn't required to disclose security breaches unless personal information is compromised, even if state secrets are stolen.

The OPM is a civilian agency, so its security isn't as tight as, say, the Pentagon's. But it does oversee e-QIP, an electronic system that houses information on employees seeking security clearances. The government uses e-QIP to investigate employee backgrounds before granting clearance, and the system contains personal information like finances, and even past drug use.

Although the hack was successfully traced to China, it's not clear whether the Chinese government or an independent group carried out the attack. Several attempted attacks on the US have already been traced to China's People's Liberation Army, and China has reportedly targeted other foreign ministries. In May of last year, Chinese hackers successfully accessed the plans for more than two dozen advanced US weapons systems.

Update: After a meeting with Chinese officials, Secretary of State John Kerry said that he had not discussed the Times article at the meeting, although cybersecurity was more broadly discussed. A Chinese spokesman said the country has always and continues to oppose hacking, adding that such reports "are not worth refuting."