Chinese hackers broke into the computer network housing the personal information of all federal government employees in March, Today reported Thursday morning.
The New York Times reported first on the hacking at the Office of Personnel Management, which comes as Secretary of State John Kerry is in Beijing for an annual meeting with the Chinese on security and economic issues, NBC's Pete Williams said.
"They say the hackers were going after data about federal employees who sought high-level security appearances, and the files contain financial information, job history, and perhaps of most interest to the hackers, any foreign contacts," Williams said. "The files are used to conduct background investigations. Government officials say the intrusion appeared to come from China."
Neither the OPM nor the Department of Homeland Security "identified any loss of personally identifiable information," according to a DHS source.
Williams said it was "uncertain" whether those involved in the attack worked for the Chinese government, however, although the U.S. has long accused China of conducting a "relentless" hacking campaign. In May, the U.S. indicted five Chinese military hackers for cyber attacks against American companies.
One senior American official said that the attack was traced to China, though it was not clear if the hackers were part of the government. Its disclosure comes as a delegation of senior American officials, led by Secretary of State John Kerry, are in Beijing for the annual Strategic and Economic Dialogue, the leading forum for discussion between the United States and China on their commercial relationships and their wary efforts to work together on economic and defense issues.
Computer intrusions have been a major source of discussion and disagreement between the two countries, and the Chinese can point to evidence, revealed by Edward J. Snowden, that the National Security Agency went deep into the computer systems of Huawei, a major maker of computer network equipment, and ran many programs to intercept the conversations of Chinese leaders and the military.
American officials say the attack on the Office of Personnel Management was notable because while hackers try to breach United States government servers nearly every day, they rarely succeed. One of the last attacks the government acknowledged occurred last year at the Department of Energy. In that case, hackers successfully made off with employee and contractors’ personal data. The agency was forced to reveal the attack because state disclosure laws force entities to report breaches in cases where personally identifiable information is compromised. Government agencies do not have to disclose breaches in which sensitive government secrets, but no personally identifiable information, has been stolen.