Personnel data, including personally identifiable information (PII), of four million current and former federal employees may have been stolen in a hack of the U.S. Office of Personnel Management (OPM), the government disclosed Thursday.

OPM detected the cyber intrusion in April while updating its cybersecurity posture.

“Based on what we know now, this intrusion into the OPM system occurred in December. As a result of the ongoing efforts by the OPM and agencies across the federal government, to update our defenses and update our ability to detect intrusions, the OPM detected this particular intrusion in April. It wasn’t until May that they were able to determine that some data may have been compromised and potentially exfiltrated,” Josh Earnest, White House Press Secretary, said in a daily briefing Friday.


OPM is working with the Department of Homeland Security’s (DHS) Computer Emergency Readiness Team (US-CERT) and the FBI to determine the full impact of this intrusion to federal personnel, OPM said.

“Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network,” the office said

OPM is preparing to send notifications to the individuals whose PII may have been compromised, beginning June 8 and lasting though June 19. The office may also send out additional notifications as further PII exposures may be discovered.

The office is offering credit report access, credit monitoring, and identity theft insurance and recovery services to affected individuals to help mitigate the risks of this exposure. The services will be offered though CSID, a company that specializes in such services.

Earnest noted the utility of the Einstein and Continuous Diagnostics and Monitoring (CDM) DHS programs in detecting cyber intrusions. He also said due to an earlier DHS decision, the implementation schedule of the third generation of Einstein was being accelerated from 2018. “Einstein 3 should be implemented across all federal civilian agencies next year.”

The White House highlighted Congress’ inaction on cybersecurity issues.

“We’ve seen very little action from Congress…we actually need to see improved coordination between the government and the private sector on these matters. And that effort to coordinate requires congressional action and the fact is we need the United States Congress to come out of the dark ages and actually join us here in the 21st Century to make sure that we have the kinds of defenses that are necessary to protect a modern computer system,” Earnest said.

Lawmakers responded to the breach by promoting cyber security legislation that has not been taken up by the Senate yet.

Sen. Dianne Feinstein (D-Calif.), Vice Chairman of the Senate Intelligence Committee, noted a bill she introduced with Chairman Richard Burr (R- N.C.), the Cybersecurity Information Sharing Act (CISA), would allow information sharing procedures the White House favors. “I believe this bill should come before the full Senate as soon as we finish with the defense authorization bill.”

Sen. Angus King (I-Maine), a supporter of CISA, agreed with Feinstein.

“This cyber intrusion is yet another example of the serious threats our country faces…How many breaches do we have to endure, how many Americans have to be put at risk, before Congress takes action on this incredibly pressing and serious issue? I continue to strongly urge my colleagues to immediately consider cyber-security legislation.”

House members pushed the Senate to act on legislation they previously passed.

Rep. Devin Nunes (R-Calif.), Chairman of the House Intelligence Committee, noted this “is just the latest breach that has jeopardized the personal information of millions of Americans. The government must take fast, decisive measures to counter these intrusions.” He urged the Senate to approve a separate cyber sharing bill, the House-passed Protecting Cyber Networks Act.

NSA and Cybersecurity Subcommittee Chairman Lynn Westmoreland (R- Ga.) agreed. “Business and industry leaders warned us of the growing threats during various hearings, and this attack shows why the Senate needs to move quickly on a cyber bill.”

The government is not yet willing to publicly disclose who conducted the cyberattack, but multiple news reports indicate it originated in China.

“Multiple reports indicate that this latest attack on OPM originated in China. If true, this breach joins an already lengthy and well-documented record of Chinese intellectual property theft and cyber-espionage against the U.S. government and American companies,” Sen. John McCain (R-Ariz..), Chairman of the Senate Armed Services Committee, said in a statement.

The Chinese government has pushed against allegations it is behind the hacking, according to a report in China state news agency Xinhua.

“Cyber attacks conducted across countries are hard to track and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive,” Zhu Haiquan, a spokesman for the Chinese Embassy in the United States, was quoted in a statement.