US officials said on Friday that data stolen from the Office of Personnel Management (OPM) by suspected Chinese hackers includes security clearance information and background checks dating back three decades.
The Obama administration on Thursday disclosed the scope of the breach as one of the largest known cyberattacks on US government networks. The hack occurred in December but only in April was it discovered.
The records of up to 4 million current and former government workers were compromised, according to a source familiar with the FBI-led investigation, cited by Reuters.
“This is deep. The data goes back to 1985,” a US official said. “This means that they potentially have information about retirees, and they could know what they did after leaving government.”
The compromised data - including birth dates, social security numbers and bank information about 2.1 million government workers - could be used by hackers to identify passwords for other sites with sensible information, such as military plans or weapon systems.
“The kind of data that may have been compromised in this incident could include name, Social Security Number, date and place of birth, job assignments, training files, performance ratings and current and former addresses," OPM spokesman Samuel Schumach said in an email.
Several US officials, requesting to stay anonymous, told various media outlets that the hackers were from China but did not openly blaming the Chinese government.
White House spokesman Josh Earnest at Friday briefing has dodged questions around the Chinese government involvement, noting that investigators "are aware of the threat that is emanating from China.”
Zhu Haiquan, a spokesman for the Chinese Embassy in Washington, denied accusations that the Chinese government may be behind the hack.
“Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making [a] hypothetical accusation is not responsible and counterproductive,” Haiquan said on late Thursday.
The Obama administration announced that it was accelerating the deployment of a security tool to identify the breaches known as “Einstein.” All federal agencies are set to begin using US Homeland Security’s Einstein 3 Accelerated software by next year.