China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.
4 million current and former federal employees may have had their personal information hacked.
The agency, which conducts background checks, warned it was urging potential victims to monitor their financial statements and obtain new credit reports.
U.S. officials believe this could be the biggest breach ever of the government’s computer networks.
“The FBI is conducting an investigation to identify how and why this occurred,” the statement said.
An assessment continues and it is possible millions more government employees may be impacted.
American investigators believe they can trace the breach to the Chinese government. Hackers working for the Chinese military are believed to be compiling a massive database of Americans, intelligence.
A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said it could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
“This is an attack against the nation,” said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage. The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information, he said.
It is not clear what the purpose of the database is.
Employees of the legislative and judicial branches, and uniformed military personnel, were not affected.
The FBI is now investigating what exactly led to the breach.
“We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI said in a statement.
The federal personnel office said “personally identifiable information” had been breached, though didn’t name who might be responsible.