China has denied responsibility for a data breach at the U.S. federal government that is believed to have compromised the personal information of former and current employees.
According to a statement released by the U.S. Office of Personnel Management (OPM), the federal agency that is responsible for screening and hiring workers as well as approving the security clearances for approximately 90 percent of the U.S. federal government, at least 4 million people will begin receiving notifications next week that their personally identifiable information (PII), including names, Social Security Numbers, and birth dates, may have been compromised as a result of the breach.
The ramifications are very serious,” Susan Collins, R-Maine, a member of the Senate Intelligence Committee, told NBC News. “Potentially 4 million former and current federal employees have had their information compromised, and because OPM is the agency that holds security clearances, that’s giving a potential enemy like China very valuable information.”
U.S. officials who are investigating the incident believe that Chinese hackers are responsible for the breach, which is thought to have affected every U.S. federal agency in addition to the OPM and the Department of Homeland Security.
A spokesman for the Chinese embassy to the United States has since condemned these charges as “not responsible and counterproductive.”
“Cyber attacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify,” Zhu Haiquan said. Hacking, he went on to add, can “only be addressed by international cooperation based on mutual trust and mutual respect.”
As is the case with many security incidents, there may be a bright side to this breach, as Ken Westin, Senior Security Analyst at Tripwire, observes.
“This breach was discovered after the Office of Personnel Management upgraded their security systems,” explains Westin. “The new tools provided the organization with more visibility of their assets and ability to identify anomalies and indicators for compromise. Although this breach is a significant blow to multiple agencies, the silver lining is that the agencies are getting serious about security and deploying more sophisticated tools to detect breaches as well as taking additional measures to secure data.”
Some security researchers believe that the same Chinese hackers who were responsible for this latest data breach were also behind the hacks of Anthem and Primera. These hackers are not believed to have a direct association with the People’s Liberation Army of China.
News of this incident comes at the same time as Akamai’s Q1 2015 State of the Internet – Security Report that names China as the originator of most of the world’s distributed denial of service (DDoS) attacks, followed by Germany and the United States.