Hackers broke into the federal government’s human-resources agency last December, but U.S. officials didn’t discover the cyberattack until April, the White House said Friday.
White House press secretary Josh Earnest said officials at the Office of Personnel Management uncovered the hacking at least four months after it occurred, as they were upgrading the agency’s computer defenses against such attacks.
“Based on what we know now, this intrusion into the OPM system occurred in December,” Mr. Earnest said. “The OPM detected this particular intrusion in April. It wasn’t until May that they were able to determine that some data may have been compromised and potentially exfiltrated.”
OPM will begin notifying individual current and former employees among the agency’s 4 million workers on Monday whether their personal information has been compromised. The agency “holds a lot of personally identifiable information of both current and former federal government employees,” Mr. Earnest said.
“Given the information that they hold, we take very seriously the threat,” he said.
China-based hackers are believed to be responsible for the largest-ever attack on the federal government’s computer systems, although Mr. Earnest said the FBI is still investigating the source of the hacking.
SEE ALSO: Data breach: Chinese hackers stole 4 million federal employees’ personal information
“No conclusions … have been reached at this point,” he said. “We’re dealing with a persistent adversary, and in some cases, the less they know about what we know about what they did, the better.”
The Chinese Foreign Ministry wouldn’t confirm or deny its involvement in the hack.
“China itself is also a victim of cyberattacks,” Chinese Foreign Ministry Spokesman Hong Lei said Friday in Beijing. “China resolutely tackles cyberattack activities in all forms.”
Mr. Earnest said President Obama “of course” still plans to roll out the red carpet for Chinese President Xi Jinping with an official state visit at the White House in September. In light of this week’s revelations, the meeting will likely include more discussions about China’s role in cyberattacks.
“When it comes to China … the president has frequently, including in every single meeting that he’s conducted with the current Chinese president, raised China’s activities in cyber space as a significant source of concern,” Mr. Earnest said. “The president will continue to raise these concerns and ensure that the federal government has defenses that reflect this threat.”
In the wake of the latest cyberattack, administration officials said they are speeding up implementation of a computer defense software system known as “Einstein 3” to detect such attacks and prevent them. Mr. Earnest said the program, initially planned to be fully operational in 2018, now will be installed completely by sometime next year.
Even before the latest attack, the Obama administration was under heavy criticism from Congress for failing to do enough to prevent earlier hacking that was believed to have been carried out by agents based in Russia, China and North Korea.
The White House Friday blamed Congress for failing to act on cybersecurity legislation that Mr. Obama sent to lawmakers in January, including a requirement for all attacks to be disclosed by private companies or government agencies within 30 days.
“What is beyond argument is that these three pieces of legislation that the president sent to Congress five months ago would significantly improve the cybersecurity of the United States,” Mr. Earnest said.
A top aide to Speaker John A. Boehner, Ohio Republican, said House Republicans have “led the charge” on cybersecurity legislation, but Senate Democrats have stalled two House-passed measures that the White House supports.
“Where is the leadership?” said Boehner spokesman Cory Fritz. “The federal government has just been hit by one of the largest thefts of sensitive data in history, and this White House is trying blame anyone but itself. It’s absolutely disgusting.”
• Dave Boyer can be reached at dboyer@washingtontimes.com.
Please read our comment policy before commenting.