The New York Times reports that China is responsible for the OPM breach exposing four-million federal workers personally identifiable information:
The Obama administration on Thursday announced what appeared to be one of the largest breaches of federal employees’ data, involving at least four million current and former government workers in an intrusion that officials said apparently originated in China.
The compromised data was held by the Office of Personnel Management, which handles government security clearances and federal employee records. The breach was first detected in April, the office said, but it appears to have begun at least late last year.
The target appeared to be Social Security numbers and other “personal identifying information,” but it was unclear whether the attack was related to commercial gain or espionage. The announcement of the intrusion came on the same day The New York Times reported that the National Security Agency had expanded warrantless surveillance of foreign hackers, an effort that could sweep up the information of innocent Americans.
There seemed to be little doubt among federal officials that the attack was launched from China, but it was unclear whether it might have been state sponsored. The administration did not publicly identify Chinese hackers as the culprits because it is difficult to definitively attribute the source of cyberattacks and to back up such an attribution without divulging classified data.
The breach is the third major foreign intrusion into an important federal computer system in the past year. Last year, the White House and the State Department found that their email systems had been compromised in an attack that was attributed to Russian hackers. In that case, some of President Obama’s unclassified emails were apparently obtained by the intruders.
This should come as no surprise. If this was detected in April, why did it take until June to be headline news?
The US government cyber security track record is suddenly looking a bit, shall we say, questionable.