Chinese hackers reportedly sought data on US workers with security clearance
Chinese computer hackers were able to access the computer network of the federal agency that houses the personal information of all government employees in an apparent attempt to target workers who have applied for security clearances, according to a published report.
The New York Times reports that the hackers gained access to some databases from the Office of Personnel Management this past March before federal authorities were able to block them from the network. A senior Department of Homeland Security official confirmed to The Times that the cyberattack had taken place, but claimed that no "personally identifiable information" had been lost. It was not immediately clear how far the hackers had managed to penetrate into the system.
Accusations of hacking by China and counterclaims of such activity by the U.S. government have strained U.S.-Chinese relations. Chinese hacking has been a major theme of U.S.-China discussions this week in Beijing, though both sides have publicly steered clear of the controversy.
In May, the Justice Department filed a 31-count indictment against five Chinese military officials operating under hacker aliases and accused them of penetrating computer networks of a half-dozen steel companies and makers of solar and nuclear technology to gain a competitive advantage. The Chinese government denied the allegations and suspended a working group on cyber rules that was to be part of the annual "Strategic and Economic Dialogue" this week.
Those applying for security clearances would be expected to provide such information as foreign contacts, previous jobs, past drug use and other personal details to the Office of Personnel Management, the Times reported.
The agency oversees a system by which federal employees applying for security clearances enter financial data and other personal information, the Times said, and those who maintain such clearances are required to update their information through that system. Agencies and contractors use the information to investigate employees.
The paper quoted an unidentified senior U.S. official as saying that the attack had been traced to China but that it wasn't clear whether the hackers were part of the government.
The attack in March was not announced even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.
"The administration has never advocated that all intrusions be made public," Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information. We have also advocated that companies and agencies voluntarily share information about intrusions."
Hayden said the administration had no reason to believe that personally identifiable information for employees had been compromised.
The Associated Press contributed to this report.