U.S.: Chinese hackers got to federal workers' records

Last Updated Jul 10, 2014 8:40 AM EDT

U.S. officials are blaming Chinese hackers for another serious data breach.

Someone broke into secure government networks that hold personal information for all federal employees. The target appears to be workers applying for high-level security clearances.

CBS News correspondent Bob Orr reports from Washington that officials are reviewing tens of thousands of files.

Computer security alarms were triggered at the Office of Personnel Management in March, when hackers breached the database containing private files of tens of thousands of U.S. government workers.

As The New York Times first reported Thursday, investigators believe the break-in was the work of Chinese hackers. China has been running a long-term campaign to steal U.S. corporate and government secrets.

It seems this time the cyberthieves may have targeted a system known as e-QIP, which houses sensitive information about government workers who had applied for high-security clearances.

While the investigation is ongoing, a U.S. official told CBS News there is no evidence so far that any data was actually stolen.

This breech comes as the U.S. and China are trading continuously accusations about cyber-espionage. In May, the Justice Department indicted five hackers from the Chinese military, a unit called 61398, on charges that that unit stole sensitive data from U.S. businesses.

But those hackers have not been arrested, and there is little chance of any prosecution.

It's interesting that the news broke as Secretary of State John Kerry was in Beijing for high-level meetings to discuss economic and security issues.

Kerry was asked about the Times report after he wrapped up his meetings in Beijing Thursday. "At this point in time, it does not appear to have compromised any sensitive material," he said. "I'm not going to get into any specifics of the ongoing investigation."

Kerry said he did not discuss the specific case with the Chinese, but added, "We've been clear on larger terms that this is an issue of concern."

A Chinese government spokesman on Thursday reiterated Beijing's oft-stated position that it is "resolutely opposed" to Internet hacking and said there were parties who wanted to make China look like a cybersecurity threat.

"Some of the American media and cyber-security firms are making constant efforts to smear China and create the so-called China cyber threat," Foreign Ministry spokesman Hong Lei said at a regular briefing. "They have never been able to present sufficient evidence. We are deeply convinced that such reports and commentaries are irresponsible and are not worth refuting."

The attack in March was not announced, even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.

"The administration has never advocated that all intrusions be made public," Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information. We have also advocated that companies and agencies voluntarily share information about intrusions."

Hayden said the administration had no reason to believe that personally identifiable information for employees had been compromised.

Comments