Hackers from China are believed to have stolen the social security number for every US federal employee in a cyber-attack much larger than it first seemed, a union representing government workers said on Thursday.
The cyber theft of US employee personal information is larger and more damaging than the Obama administration has admitted, president of the American Federal of Government Employees, J. David Cox, said in a letter seen by the Associated Press.
Mr Cox said that the information obtained by hackers believed to be based in China – an accusation unconfirmed by the government - went far beyond was initially reported.
They are believed to have military records, veterans’ status and life insurance information, the Washington Post reported. The attack happened in December but was only discovered in April.
“We believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees,” said Cox’s letter to the director of the Office of Personnel Management (OPM), according to the Associated Press.
US intelligence officials say China, like the US, spies for national security advantage. Unlike the US, they say hackers from China also engage in large-scale theft of corporate secrets for the benefit of state-sponsored enterprises that compete with Western companies. Nearly every major US company has reportedly been hacked from China, it is claimed.
Former chairman of the House intelligence committee, Mike Rogers, told the Associated Press last week that Chinese intelligence agencies were looking to compile a database of information on Americans, with a foresight to blackmailing or sending spyware.
The OPM data file contains the records of non-military, non-intelligence executive branch employees. This covers most federal civilian employees but not, for example, members of Congress and their staffs.
The union claims the government has been downplaying the damage and has as of yet not confirmed which data has been stolen. A spokesman told the Associated Press that “for security reasons, we will not discuss specifics of the information that might have been compromised.”
The union called the breach “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”
In the Senate on Thursday, Democrats blocked a Republican effort to add the cyber-security bill to a sweeping defence measure. The vote was 56-40, four votes short of the number necessary.
Democrats had warned of the dangers of cyber-spying after the theft of government personnel files, but Democrats voted against moving ahead on the legislation, frustrated with the Republican- led effort to tie the two bills together.
Additional reporting from Associated PressReuse content