Hackers working for the Chinese military unit allegedly carried out a “massive breach” in December targeting records of the Office of Personnel Management workers, officials said.
The OPM serves as the federal government’s human resource department and the agency compiles records and issues security clearances of all the federal government employees.
The Office of Personnel Management (OPM) confirmed that both current and previous employees have been affected by this breach and that it could potentially impact all federal agencies.
The breach was discovered by the OPM officials in April while conducting an “aggressive effort” to upgrade the cyber security of the agency using new tools.
The officials stated that the agency plans to contact all the affected workers to offer them free credit monitoring and identity theft insurance for 18months.
The leaked information includes job assignments, training and performance review records of the employees whereas it doesn’t include background checks and clearance investigations.
This hack reportedly was the biggest breach of US government employee data till date and the second big intrusion of OPM by China within a year. This also is the second prominent foreign breach into the networks of US government this year, according to WSJ.
According to a private security firm iSight Partners, this breach can be linked to the same cyber-espionage group that was responsible for hack attack on Anthem, the health insurance giant. On the other hand, the FBI believes that this is the work of Chinese state-sponsored hackers.
The hacked data can be used in conducting “spear-phishing” emails to fool recipients into clicking on infected attachments or links so that the attackers could access the targeted computer systems.
This is not the first time when the United States has blamed China for a sophisticated cyber attack on its servers. In May 2013, Chinese hackers were blamed for gaining access to a sensitive weaponry system, stealing US Secret weapons designs.
In May 2013 again, Chinese hackers were blamed for hacking the official website of U.S. Labor department and installing malware on the department’s servers.