Hackers broke into federal government computer networks and compromised both the Office of Personnel Management and the Interior Department, putting almost every current and former government employee at risk. This could be the biggest data breach ever, and officials think that China is behind the attack.
The breach could expose tons of personal information belonging to government employees, because the Office of Personnel Management performs over 90% of federal background checks.
A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said the breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
The Chinese government has denied any involvement in the attack and claims that the accusations coming from the U.S. aren't verified.
The Department of Homeland Security has a screening system in place called EINSTEIN that is supposed to spot cyberattacks against government agencies. The system did identify the data breach, but not before hackers managed to get away with tons of employee information.
Senate Intelligence Committee Chairman Richard Burr, R-N.C., said the government must overhaul its cybersecurity defenses. "Our response to these attacks can no longer simply be notifying people after their personal information has been stolen," he said. "We must start to prevent these breaches in the first place."
The hackers could use the information they obtained to extort government employees and gain sensitive or classified information. They could also use the information for financial purposes.
"Given what OPM does around security clearances, and the level of detail they acquire when doing these investigations, both on the subjects of the investigations and their contacts and references, it would be a vast amount of information," [Rick Holland, an information security analyst at Forrester Research] added.
The government is offering 18 months of credit monitoring and identity theft protection to employees.