China hacks federal personnel office

WASHINGTON – Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify some 4 million current and former federal employees that their personal data may have been compromised.

The hack was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months. Russia last year compromised White House and State Department email systems in a campaign of cyber-espionage.

OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.

Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.

The intruders gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. No direct deposit data was exposed, officials said. They could not say for certain which data was taken, only what the hackers gained access to.

“Certainly, OPM is a high-value target,” said OPM Chief Information Officer Donna Seymour, in an interview. “We have a lot of information about people, and that is something that our adversaries want.”

The personal information exposed could be useful in crafting “spear-phishing” emails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake email purporting to be from a colleague at work.

After the earlier breach discovered in March 2014, OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”

“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” said the agency’s director, Katherine Archuleta, in a statement.

In the current incident, the hackers targeted an OPM data center housed at the Interior Department. The database did not contain information on background investigations or employees applying for security clearances, officials said.

By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said.

OPM officials declined comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.

“There is no current activity,” an official said. However, Chinese hackers frequently try repeat intrusions.

Seymour said the agency is working to better protect the data stored in its servers throughout the government, including by using data masking or redaction: “We’ve purchased tools to be able to implement that capability for all” the data.

Among the steps taken to protect the network, OPM restricted remote access to the network by system administrators, officials said.

When OPM discovered the breach, it notified the FBI and Department of Homeland Security.

A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.

FBI spokesman Josh Campbell said his agency is working with DHS and OPM to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.

The intruders used a “zero-day” – a previously unknown cyber-tool – to take advantage of a vulnerability that allowed the intruders to gain access into the system.

China is one of the most aggressive nations targeting U.S. and other Western states’ networks. In May 2014, the United States announced the indictments of five Chinese military officials for cyber-economic espionage – hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Adam Schiff, D-Calif., ranking Democrat on the House Intelligence Committee, said the last few months have seen a massive series of data breaches affecting millions of Americans.

“This latest intrusion … is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber-databases and defenses is perilously overdue.”

The president of the nation’s second-largest federal worker union, the National Treasury Employees Union, said NTEU “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” President Colleen Kelley said.

“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.
