Chinese hackers broke into the computer networks of the U.S. Office of Personnel Management earlier this year with the intention of accessing the files of tens of thousands of federal employees who had applied for top-secret security clearances, according to The New York Times.
Senior U.S. officials say the hackers gained access to some of the agency's databases in March before the threat was detected and blocked, the Times reported in an article posted on its website Wednesday night. How far the hackers penetrated the agency's systems was not yet clear, the newspaper said.
The Office of Personnel Management houses personal information for all federal employees. Those applying for security clearances would be expected to provide such information as foreign contacts, previous jobs, past drug use and other personal details, the newspaper reported.
The Times quoted an unidentified senior U.S. official as saying that the attack had been traced to China but that it wasn't clear whether the hackers were part of the government. A Homeland Security Department official confirmed to the Times that an attack occurred but said no loss of personally identifiable information had been found.
In the Office of Personnel Management's system, federal employees who maintain security clearances are required to update their personal information, the Times said. Agencies and contractors use the information to investigate employees.
The attack in March was not announced even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.
"The administration has never advocated that all intrusions be made public," Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information. We have also advocated that companies and agencies voluntarily share information about intrusions."
Hayden said the administration had no reason to believe that personally identifiable information about employees had been compromised.
Accusations of hacking by China and counterclaims of such activity by the U.S. government have strained U.S.-Chinese relations. Chinese hacking has been a major theme of U.S.-China discussions this week in Beijing, though both sides have publicly steered clear of the controversy.
In March, Beijing expressed “extreme concern” over reports by The New York Times that the NSA had secretly accessed the email archive of telecom giant Huawei, a major competitor of U.S.-based Cisco Systems.
U.S. officials maintained, in at least one anonymous comment to the press, that the intelligence operation was not economic espionage.
In May, the Justice Department filed a 31-count indictment against five Chinese military officials operating under hacker aliases and accused them of penetrating computer networks of a half-dozen steel companies and makers of solar and nuclear technology to gain a competitive advantage. The Chinese government denied the allegations and suspended a working group on cyber-rules that was to be part of the annual Strategic and Economic Dialogue this week.
Earlier this week, Crowdstrike, a U.S. security firm, said hackers believed to be associated with the Chinese government, which for years targeted U.S experts on Asian geopolitical matters, had suddenly begun extracting documents from the computers of Iraq experts last month, after armed groups headed by the Islamic State of Iraq and the Levant (ISIL) attacked a refinery. China has extensive interests in Iraqi oil production. A press counselor for China’s embassy in Washington said that Chinese laws prohibit cybercrimes, according to Reuters.
U.S. attempts to crack down on Chinese cyberespionage have coincided with the stream of revelations of the scope of the Obama administration’s own state-sanctioned spying program that was revealed as a part of broader leaks by former National Security Agency contractor Edward Snowden.