Update: Additional informational reveals that the attack could affect as many as 14 million US government employee files. 

Earlier this month, the US government disclosed a massive data breach at the Office of Personnel Management. This government department is responsible for the human resources records and security clearances for all federal US government employees and the data breach has compromised the employee records of up to 4 million employees, both those currently employed with the US government as well as those who have retired or changed careers. The attack is said to have occurred in April of this year but was only recently disclosed.

According to both the Wall Street Journal and the Washington Post, unnamed US government officials stated that the cyberattack appeared to have originated in China, but they did not point fingers directly at the Chinese government. As hacker attacks are made anonymously, utilizing the computer networks of numerous countries, it is difficult to implicate a definitive international culprit. However, similar attacks on the private sector have been tracked to malicious software installed on networks whose users utilized the Chinese-language search engine Baidu.

After the hack was identified, US government employees possibly affected by the breach were instructed to change all passwords, to place fraud alerts on their credit reports and to remain diligent as foreign intelligence services may attempt to exploit their respective personal information and security clearances. Dan Payne, a senior official for the Director of National Intelligence, recently addressed the employees: “Some of you may think that you are not of interest because you don’t have access to classified information, you are mistaken,” he said. Information accessed in the breach included personally identifiable information such as Social Security numbers, names, dates and places of birth, and personal addresses.

The attack follows the disclosure of a data breach at the United States Internal Revenue Service (IRS) compromising the personal information of over 100,000 US taxpayers. In May, US Secretary of Defense, Ashton Carter, identified Russia, China, Iran and North Korea as possible threats to his country’s ongoing fight against cyber espionage. A number of government officials and security experts have indicated that the scope and severity of the data breach at the Office of Personnel Management indicated the concerted espionage efforts of a nation state rather than private hackers. 

The data breach was discovered using the US government’s network intrusion system known as “Einstein.” Recently, the Obama administration announced that the US federal government will be accelerating the roll-out of the new generation of the internal security software, “Einstein 3,” partly as a response to the increasing risk of state-sponsored cyber-attacks.