The Office of Personnel Management has been compromised by hackers with links to the Chinese government, federal investigators announced today. The agency manages clearance and employee records for every federal agency, and investigators say more than 4 million workers had personal data compromised by the attack. The data is generally personal but not highly classified, comprising background checks, addresses, and other personnel information. The agency is currently notifying any employees affected by the attack.
A similar intrusion at OPM last July was also linked to China, but no personal information was verifiably compromised. Still, facing a second breach within the span of a year raises real question about security practices within the agency. In this case, the intrusion was discovered by internal network monitoring systems, although it's still unclear whether the attackers exploited any residual effects from the earlier attack. "OPM has undertaken an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks," OPM's chief information officer told The Washington Post. "As a result of adding these tools, we were able to detect this intrusion into our networks."