Four million federal employees have had their personal data stolen from the Office of Personnel Management, according to a statement on its website.
The OPM will soon be notifying those who may have had their data compromised during the breach - which is said to affect both current and former employees - and plans to offer credit monitoring and identity theft protection. The notifications are expected to be sent between June 8th and June 17th, Forbes reveals.
The statement from the OPM explains that the breach itself dates back to April this year, when the organization discovered a "cyber-intrusion affecting its information technology (IT) systems and data."
The source of the OPM hack is still unconfirmed, but The Washington Post claims the attack originated in China. According to the piece, US officials speaking on the condition of anonymity, "identified the hackers as being state-sponsored." This suggestion is echoed in The New York Times, and a "U.S. law enforcement source" is quoted in Reuters as saying a "foreign entity or government" is believed to be behind the attack.
The Guardian reports swift denials from Chinese officials that this is the case. The paper quotes foreign ministry spokesman Hong Lei, who said, "We know that hacker attacks are conducted anonymously, across nations, and that it is hard to track the source. It’s irresponsible and unscientific to make conjectural, trumped-up allegations without deep investigation."
News of the OPM hacking follows hot on the heels of the discovery that the IRS agency had been targeted by malicious hackers for over two months, gaining access to information on 100,000 American tax payers, as reported by We Live Security here.