U.S. News


Chinese Hackers Target U.S. Data, But Who's Hacking Who?

A New York Times report says Chinese hackers accessed databases in the Office of Personnel Management, where sensitive employee data is stored.
Posted at 9:03 AM, Jul 10, 2014

A new report from The New York Times says Chinese hackers infiltrated databases in the Office of Personnel Management in March.

It's unclear just how much data was accessed before the hackers were detected and blocked. Of utmost concern — the Office of Personnel Management "oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data." (Via The New York Times)

The Times says e-QIP also houses other sensitive information, like foreign contacts and past drug use.

According to The Guardian, there is one potential gauge for the data breach. Because the attack was not announced, it may shine some light on what information was accessed. A spokeswoman for the Obama administration said, "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information."

But a few outlets are taking a somewhat skeptical approach to the report, noting the back-and-forth hacking accusations between the U.S. and China. (Via The Register, ZDNet,  Engadget)

A writer for The Register says, "there's also a chance the incident, and the news of it, is more sabre-rattling. China and the USA regularly exchange allegations of digital skulduggery and protest loudly that such activities aren't very polite or kind."

And ZDNet points out, "relations between China and the United States have been strained of late due to constant accusations that each side is launching cyberattacks -- or using the idea as a propaganda tool -- in order to harm the other."

It's important to note one U.S. official said it wasn't clear if the attack was part of Chinese government efforts, just that it had been traced to China. The report suggests there was "no reason to believe personally identifiable information for employees was compromised."