China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
The hackers were believed to be based in China, said Sen. Susan Collins, a Maine Republican.
Collins, a member of the Senate intelligence committee, said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said it could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information. Cyber-security experts also noted that the OPM was targeted a year ago in a cyber-attack that was suspected of originating in China. In that case, authorities reported no personal information was stolen. One expert said it’s possible that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches.
The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The OPM conducts more than 90 percent of federal background investigations, according to its website.
The agency said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected. The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.
Cyber-security experts also noted that the OPM was targeted a year ago in a cyber-attack that was suspected of originating in China. In that case, authorities reported no personal information was stolen.
One expert said it’s possible that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM’s systems and the Interior Department’s data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn’t detect the breach until after so many records had been copied and removed.
Federal agencies are currently playing catch-up in trying to install two-factor authentication with smart cards, a system designed to make it harder for intruders to access networks.
0 comments:
Post a Comment