A massive hack has resulted in the theft of personal information from up to 4 million federal employees. It appears to have been designed with the goal of creating a comprehensive database that can be used in future attacks.
Officials say the hack seems to have been executed by the same Chinese hackers who attacked Anthem Insurance earlier in the year, which resulted in tens of millions of customers having their information stolen.
"Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM," said Katherine Archuleta, director of the U.S. Office of Personnel Management. "We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted."
The attack seems to have targeted things like Social Security numbers and other information pertaining to personal identity, but it is unclear whether the hack was intended to steal money or something else. Some experts suggest this information was targeted so hackers could impersonate government workers in future attacks.
The Office of Personnel Management will offer credit report access and credit monitoring to the potentially affected individuals.
Experts also suggest that a number of official agencies have not been keeping up with best security practices recommended by the government, including updating operating systems with the latest protections.
It is unclear exactly how many employees of the federal personnel office were affected. There are currently 2.7 million employees of the office, and it is possible that all of them – as well as all former employees, totaling around 4 million people – were affected. The FBI is currently investigating the attack alongside the U.S. Department of Homeland Security's Computer Emergency Readiness Team.
"We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace," said the FBI in a statement.
While it is almost confirmed that the attack was launched in China, it has yet to be determined whether the Chinese government sponsored the attack or whether the administration had nothing to do with it.
The Chinese government has unsurprisingly denied the accusations that it may have been involved in the attack.
"Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making (a) hypothetical accusation is not responsible and [is] counterproductive," said a spokesperson from the Chinese embassy in Washington.
Chinese government officials have also called for more trust and cooperation in cyberspace, saying that the government also combats cyber attacks on a regular basis.