China has denied involvement in what could be the biggest cyber attack in US history after the details of up to four million current and former government employees were stolen.
Officials in Washington have already claimed the hackers responsible were based in China, with one security expert calling it an “attack against the (American) nation”.
Every federal agency may have been hit by the data breach, which saw personal information including names, social security numbers and birth dates accessed from systems at the Office of Personnel Management (OPM).
The agency, which hires government workers and approves security clearances, was named among the targets, alongside the Interior Department.
“The FBI is conducting an investigation to identify how and why this occurred,” a Department of Homeland Security spokesperson said.
Susan Collins, a Republican Senator who sits on an intelligence committee, claimed the hackers were based in China said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
A spokesperson for the Chinese embassy to the US called such accusations “not responsible and counterproductive.”
“Cyber attacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify,” Zhu Haiquan said.
He added that hacking can “only be addressed by international cooperation based on mutual trust and mutual respect.”
Ken Ammon, chief strategy officer of network security company Xceedium, claimed the attack had similarities to previous ones used for international espionage and warned that the stolen information could be used to impersonate or blackmail federal employees with access to classified information.
“This is an attack against the nation,” he added.
China has been battling hacks on its own soil in recent days. A report by state news agency Xinhua said on Tuesday that a group known as OceanLotus had stolen information from its government.
The foreign ministry in Beijing said “elaborately organised” online attacks had hit marine agencies, scientific research institutions and shipping companies since April 2012 and China was “opposed to hacking in any form”.
Employees affected by the US breach will be informed over the coming days and the OPM is offering them credit monitoring and identity theft insurance for 18 months.
In November, another cyber attack compromised the private files of more than 25,000 Department of Homeland Security workers and thousands of other federal employees.
The OPM was also targeted in a failed attack around a year ago that was also suspected of coming from China, security experts said.
A spokesperson said the latest cyber attack predated recent security upgrades that had added “numerous tools and capabilities to its network” and that the OPM “immediately implemented additional security measures to protect sensitive information”.
An intrusion detection system known as Einstein screens internet traffic on US government networks to identify potential threats and it was unclear how it did not detect the breach, which was discovered in April but only made public yesterday.
The FBI is leading the investigation and a spokesperson for the security agency said it would “hold accountable those who pose a threat in cyberspace”.
In April, President Barack Obama responded to a rash of attacks aimed at American computer networks by launching sanctions to target foreign hackers using cyber attacks to threaten US foreign policy, national security or economic stability.
Additional reporting by AP
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies