In what might be the biggest breach of government data in history, the Department of Homeland Security says hackers busted into the computers of the Office of Personnel Management and the Interior Department, reports the AP. The New York Times quotes the president of the American Federation of Government Employees as saying he was told "all 2.1 million current federal employees and an additional two million federal retirees and former employees" may have been affected. The Washington Post, the Wall Street Journal, and the Times report that the hackers are believed to be from China, with the Times noting it's "unclear whether it might have been state sponsored." The Chinese Foreign Ministry today brushed off the allegations, calling it "irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation."
The OPM—the federal government's human resources department—handles security clearances, more than 90% of federal background checks, and employee records and is thus a "high-value target," its information officer tells the Post. The Times reports the hackers seemed to be after Social Security numbers and associated "personal identifying information," but it notes that because of the "breadth" of the hack, the intention—espionage? commercial gain?—is unclear. DHS said its intrusion detection system, known as EINSTEIN, spotted the hack; the breach was found in April, and it's unclear why EINSTEIN didn't spot it sooner (one cybersecurity expert frames EINSTEIN as "a failure at this point"). The agency says it's mounting an "aggressive effort" to shore up security, an effort that unfortunately didn't take place after a separate hack on OPM last year. (Read more data breach stories.)