China suspected in massive breach of federal personnel data

(AP) -- China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American

News 12 Staff

Jun 5, 2015, 6:18 AM

Updated 3,295 days ago

Share:

(AP) -- China-based hackers are suspected of breaking into the computer networks of the U.S. government personnel office and stealing identifying information of at least 4 million federal workers, American officials said Thursday.
The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.
"The FBI is conducting an investigation to identify how and why this occurred," the statement said.
The hackers were believed to be based in China, said Sen. Susan Collins, a Maine Republican.
Collins, a member of the Senate intelligence committee, said the breach was "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."
A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said it could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
"This is an attack against the nation," said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage. The information stolen could be used to impersonate or blackmail federal employees with access to sensitive information, he said.
The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The OPM conducts more than 90 percent of federal background investigations, according to its website.
The agency said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected. The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.
In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.
Cyber-security experts also noted that the OPM was targeted a year ago in a cyber-attack that was suspected of originating in China. In that case, authorities reported no personal information was stolen.
One expert said it's possible that hackers could use information from government personnel files for financial gain. In a recent case disclosed by the IRS, hackers appear to have obtained tax return information by posing as taxpayers, using personal information gleaned from previous commercial breaches, said Rick Holland, an information security analyst at Forrester Research.
"Given what OPM does around security clearances, and the level of detail they acquire when doing these investigations, both on the subjects of the investigations and their contacts and references, it would be a vast amount of information," Holland added.
DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.
It was unclear why the EINSTEIN system didn't detect the breach until after so many records had been copied and removed.
"DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion," the statement said.
Cybersecurity expert Morgan Wright of the Center for Digital Government, an advisory institute, said EINSTEIN "certainly appears to be a failure at this point. The government would be better off outsourcing their security to the private sector where's there at least some accountability."
Rep. Adam Schiff, ranking Democrat on the House intelligence committee, called the hack "shocking, because Americans may expect that federal computer networks are maintained with state of the art defenses."
Ammon said federal agencies are rushing to install two-factor authentication with smart cards, a system designed to make it harder for intruders to access networks. But implementing that technology takes time.
Senate Intelligence Committee Chairman Richard Burr, R-N.C., said the government must overhaul its cybersecurity defenses. "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen," he said. "We must start to prevent these breaches in the first place."
___
Associated Press writers Donna Cassata, Alicia A. Caldwell and Kevin Freking in Washington and Brandon Bailey in San Francisco contributed to this report.
___
Follow Ken Dilanian on Twitter at https://twitter.com/KenDilanianAP


More from News 12
2:09
Prosecutor: Suspect taken into custody in deadly shooting in West Carteret

Prosecutor: Suspect taken into custody in deadly shooting in West Carteret

2:41
Clear skies overnight with a sunny Thursday ahead; tracking storm potentials for Friday

Clear skies overnight with a sunny Thursday ahead; tracking storm potentials for Friday

2:17
KIYC documentary prompts state senator to call for all rape kits in New Jersey to be tested

KIYC documentary prompts state senator to call for all rape kits in New Jersey to be tested

2:08
Jersey Shore leaders meet with state officials to discuss pop-up party prevention

Jersey Shore leaders meet with state officials to discuss pop-up party prevention

1:57
No, it’s not the Caribbean. New Jersey’s oceanfront really is that clear right now

No, it’s not the Caribbean. New Jersey’s oceanfront really is that clear right now

0:47
Mayor: Administrative mishaps prevent Secaucus from offering full-day pre-K program

Mayor: Administrative mishaps prevent Secaucus from offering full-day pre-K program

0:39
East Brunswick High School printing new page for yearbook amid photo controversy

East Brunswick High School printing new page for yearbook amid photo controversy

1:56
NJ Transit, Amtrak lay out service disruption initiative following system failures in May

NJ Transit, Amtrak lay out service disruption initiative following system failures in May

0:24
New Jersey to receive over $30 million from Johnson & Johnson talc settlement

New Jersey to receive over $30 million from Johnson & Johnson talc settlement

1:40
NJ native Kristoffer Diaz dishes on Tony nomination for ‘Hell’s Kitchen’

NJ native Kristoffer Diaz dishes on Tony nomination for ‘Hell’s Kitchen’

0:28
‘Operation Cruel Summer’ nets 4 arrests in Middlesex County

‘Operation Cruel Summer’ nets 4 arrests in Middlesex County

1:55
Waldwick's boil water advisory remains in effect Wednesday due to nearly 2-day water main break

Waldwick's boil water advisory remains in effect Wednesday due to nearly 2-day water main break

0:32
Attorney general: On-duty Franklin Borough police sergeant involved in crash that killed 19-year-old

Attorney general: On-duty Franklin Borough police sergeant involved in crash that killed 19-year-old

0:29
Sussex County school bus driver gets 14 years in prison for driving students around while drunk

Sussex County school bus driver gets 14 years in prison for driving students around while drunk

0:28
Aldi warns customers of data breach involving skimming devices; 2 NJ stores affected

Aldi warns customers of data breach involving skimming devices; 2 NJ stores affected

0:17
Middlesex police: Construction worker killed after being hit by metal beam

Middlesex police: Construction worker killed after being hit by metal beam

0:19
Ridgefield man accused of strangling a child before attempting sexual assault

Ridgefield man accused of strangling a child before attempting sexual assault

2:28
India defeats USA in last Nassau Cricket World Cup match

India defeats USA in last Nassau Cricket World Cup match

1:35
What's Cooking: Uncle Giuseppe's Marketplace's lemon iced almond biscotti

What's Cooking: Uncle Giuseppe's Marketplace's lemon iced almond biscotti

2:11
Somerset County volunteer fire department at odds over new terms made by Board of Fire Commissioners

Somerset County volunteer fire department at odds over new terms made by Board of Fire Commissioners