Chinese hackers penetrated the computer networks of a U.S. government agency in March, gaining access to databases that store the personal information of all federal employees, in one of the only security breaches of government servers in the past year, senior Washington officials disclosed to the New York Times.
It is unclear how far the hackers delved into some of the databases of the Office of Personnel — which stores applications for security clearances that list personal information such as financial data, former jobs, past drug use and foreign contacts of tens of thousands of employees — before the threat was discovered and thwarted by federal authorities, officials said. It is also not known if the hackers were connected to the Beijing government.
A senior official of the Department of Homeland Security said that although the Office of the Personnel contains personal information, a response team within the Homeland Security had not “identified any loss of personally identifiable information” during the cyber attack. Government agencies are not obliged to inform the public about security threats unless it is verifiable that personal information has been stolen.
Although the Obama Administration encourages companies to be transparent about security breaches, the attack on the Office of Personnel was never announced to the public because “the administration has never advocated that all intrusions be made public,” White House spokeswoman Caitlin Hayden told the Times. However, relevant federal, state and local agencies were apparently notified of the threat. “None of this differs from our normal response to similar threats,” she added.
The U.S. and China have engaged in bitter cyber security disputes in the past. The U.S. Justice Department indicted five alleged Chinese hackers from the People’s Liberation Army for theft of corporate secrets in May. Following the indictment, China halted plans to create a bilateral group focused on cyber security. Documents revealed by National Security Agency whistleblower Edward Snowden also showed that his former employer penetrated the systems of Huawei, a Chinese company that produces computer network equipment.
The new revelations come as U.S. Secretary of State John Kerry is visiting Beijing for the annual Strategic and Economic Dialogue — a discussion on American political, economic and security relations with China.
Although Kerry has not yet specifically mentioned the security breach, he said that cyber hacking on American companies had a “chilling effect on innovation and investment,” AP reports. Chinese foreign policy chief Yang Jiechi responded that the two countries had to establish trust to prevent future cyber attacks.