Cybersecurity

4 million fed workers victimized by hack

Roughly 4 million current and former federal employees have had their data exposed by a hack, the Obama administration said Thursday.

The notification from the Office of Personnel Management (OPM) was short on details, but it appears troves of sensitive information had been pilfered.

Separate media reports cited China as being behind the massive hack.

The digital assailants first infiltrated the system in December, four months before they were discovered, The Washington Post reported.

{mosads}“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems.”

The FBI said it had opened up an investigation into the breach, which The Wall Street Journal reported is believed to have come from hackers in China.

An unnamed U.S. official told NBCNews that the data breach might touch every federal agency. 

A Department of Homeland Security spokesman said it noticed “malicious activity affecting its information technology (IT) systems and data in April.”

After investigating, DHS officials concluded in early May that OPM data had been compromised.

The OPM then took steps to install new security measures, restricting access of network administrators and reducing remote access.

This is not the first time OPM has stumbled with protecting personnel data. 

The agency was also breached last year. It appears the most recent incident was unrelated to that intrusion, although Chinese hackers are suspected in both instances.

Administration officials held a conference call Thursday night with federal employee unions to discuss the breach, a few hours after they initially notified the unions of the incident.

“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” said Colleen Kelley, national president of the National Treasury Employees Union (NTEU), which represent 150,000 employees across 31 federal agencies and departments.

Rep. Adam Schiff (D-Calif.), the top Democrat on the House Homeland Security Committee, called the cyberattack “among the most shocking” of the recent digital intrusions that have felled government networks.

In the last year, hackers have compromised the White House, State Department, the U.S. weather system and the U.S. Postal Service.

“It’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue,” Schiff added, calling on the Senate to take up a House-passed bill that encourages the public and private sector to share more cyber threat data.

“This bill will not be a panacea for the broad cyber threats we face, but it is one important piece of armor in our defenses that must be put in place — now,” he said.

Senate Intelligence Committee Chairman Richard Burr (R-N.C.) agreed in a late Thursday statement. He is a main backer of the Senate’s companion cyber bill.

“We cannot continue to look the other direction,” Burr said. “Our response to these attacks can no longer simply be notifying people after their personal information has been stolen; we must start to prevent these breaches in the first place.”

This story was last updated at 6:37 p.m.