The U.S. Office of Personnel Management announced late Thursday afternoon that it lost 4 million people’s personally identifiable information as a result of a data breach.
Chinese hackers cracked the federal government’s systems in December, according to the Washington Post.
OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls.
The human resources arm of the federal government conducts background checks on employees. It will begin notifying those affected starting next week.
— FBI (@FBI) June 4, 2015
From the Associated Press, which initially broke the news of the data breach:
In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM’s systems and the Interior Department’s data center, which is shared by other federal agencies.
The former director of the National Security Agency, Mike McConnell, in the wake of the Anthem breach (allegedly perpetrated by Chinese hackers) earlier this year [37:00]:
A lot of the speculation revolving around that potential nation-state sponsored attack assumed that the Chinese might be interested in building databases on people in businesses and governments.
The idea is that while a hacker might not be able to breach the security of. say, the President’s computer, that person might be able to infiltrate all the systems surrounding the Commander in Chief, in essence making the job of spying easier.