Chinese hackers accessed US government systems earlier this year in order to target the files of federal employees who have applied for top-level security clearances.
According to the New York Times, senior American officials said hackers gained access to the system in March before the infiltration was detected and blocked.
The hackers appeared to be targeting files "on tens of thousands of employees who have applied for top-secret security clearances," and data including employment records, personal information — such as drug use — and the foreign contacts of security applicants may have been placed at risk.
The publication says it is not obvious how far the hackers were able to penetrate the networks of the US Office of Personnel Management.
The Times says an unnamed senior official claimed the recent attack was traced back to China, although it wasn't clear if the attack was state-sponsored. A spokesperson said that monitoring systems "alerted us to a potential intrusion of our network in mid-March."
Relations between China and the United States have been strained of late due to constant accusations that each side is launching cyberattacks — or using the idea as a propaganda tool — in order to harm the other.
China has pointed to documents leaked by former US National Security Agency contractor Edward Snowden as a source of the US's surveillance and network infiltration, and the US in turnfive Chinese men as "military hackers" for breaking into US corporate systems and stealing sensitive data.
This week,said one of the most prolific Chinese hacking groups, dubbed Deep Panda, has targeted "several" US think tanks over the past several months. In three years of campaigns, the "advanced Chinese nation-state cyber intrusion group" has targeted US defense, finance, legal and government arenas, and is now shifting to the theft of data concerning security and governmental policy related to Iraq and the Middle East.
The Chinese foreign ministry, stating that "China opposes and severely cracks down on all forms of cyber-hacking."
In February last year, US officials confirmed that hackersthe Department of Energy's networks. Personal data related to employees may have been affected, but US officials maintained "no classified data was compromised."
However, the breach in March was left unannounced, although US officials have encouraged businesses to share data related to breaches with each other and the government itself. Caitlin Hayden, an Obama administration spokeswoman told the publication:
The administration has never advocated that all intrusions be made public. We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers’ personal information. We have also advocated that companies and agencies voluntarily share information about intrusions.