At the Wall Street Journal, "U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say":
U.S. officials suspect that hackers in China stole the personal records of as many as four million people in one of the most far-reaching breaches of government computers.More.
The Federal Bureau of Investigation is probing the breach, detected in April at the Office of Personnel Management. The agency essentially functions as the federal government’s human resources department, managing background checks, pension payments and job training across dozens of federal agencies.
Investigators suspect that hackers based in China are responsible for the attack, though the probe is continuing, according to people familiar with the matter. On Thursday, several U.S. officials described the breach as among the largest known thefts of government data in history.
It isn’t clear exactly what was stolen in the hack attack, but officials said the information can be used to facilitate identity theft or fraud. The Department of Homeland Security said it “concluded at the beginning of May” that the records had been taken.
China’s foreign ministry, the cabinet’s information office and the Cyberspace Administration didn’t respond to requests for comment. In response to previous allegations of Chinese hacking and cyber-espionage, Beijing has said that China is also a target of hacking attacks from overseas.
China and the U.S. have sparred over cybersecurity, with the U.S. accusing Chinese government military officers of sustained hacking of U.S. firms for economic advantage. Chinese authorities have denied those accusations.
Investigators believe the attack is separate from a hacking incident detected last year at the Office of Personnel Management. That attack was far smaller, although officials didn’t disclose at the time how many employees were affected. In another apparently unrelated computer attack, Russian hackers are suspected in a large, long-running breach of State Department computers.
In February, The Wall Street Journal reported that the State Department had been unable to evict suspected Russian hackers from its unclassified email system despite months of effort and help from spies and private companies.
The breach disclosed Thursday is the latest sign of the U.S. government’s struggles to protect its own data, even though the Obama administration has spent much of the past year pushing companies to do a better job protecting their computer networks and sharing crucial intelligence on cyber weapons.
Last week, the Internal Revenue Service said identity thieves illegally obtained prior-year tax-return data for more than 100,000 households from an agency website. The criminals used personal data obtained elsewhere to gain access to the tax-return data, the IRS said. The return data can help in filing false refund claims.
The IRS is working on an agreement with tax-preparation firms on ways to strengthen security of the tax system.
The data breach at the Office of Personnel Management is smaller as measured by the number of people affected than some so-called mega breaches in the private sector.
Health insurer Anthem Inc. said earlier this year that hackers gained access to personal information on as many as 80 million customers. Home Depot Inc. said last year that 56 million cards might have been compromised in a five-month attack on its payment terminals.
The Office of Personnel Management hasn’t said how many of the four million people affected by its latest breach are current or former employees or government contractors.
The agency has estimated that there are about 4.2 million federal employees, including 1.5 million who serve as uniformed military personnel.
“We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted,” said Katherine Archuleta, director of the Office of Personnel Management...
Plus, at the OPM, "OPM to Notify Employees of Cybersecurity Incident."
0 comments:
Post a Comment