Hackers believed to be working for Chinese state agencies have broken into the networks of the US government agency holding the personal information of all federal employees, targetting the files of staff who had applied for top-security clearances.
However, while the attacks were traced to IP addresses emanating in China, it remains unclear whether they were working for Chinese government agencies or simply using insecure systems in China to attack from elsewhere.
The attackers reportedly gained access to databases administered by the Office of Personnel Management in March this year, before the threat was detected and cleared up, according to the New York Times.
While the attack has been confirmed by the US Department of Homeland Security, it added that it had not "identified any loss of personally identifiable information".
A representative of the Office of Personnel Management said that monitoring systems at the Department of Homeland Security and the agency office enabled them to be "alerted to a potential intrusion of our network in mid-March", according to the New York Times' report.
It is rare for US (or any) government organisations to admit to successful attacks. Last year, the US Department of Energy was forced to admit to an intrusion because personally identifiable information had been stolen, and US state laws mandate public disclosure under such circumstances.
US authorities have pointed the finger at China, claiming that a special unit of the People's Liberation Army – Unit 61398 – was responsible for concerted attacks against the US. China, however, could claim something similar, thanks to the revelations of US National Security Agency contractor Edward Snowden.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy