(Reuters) – The U.S. government agency that collects personnel information for federal employees said on Thursday a cybersecurity breach had compromised the data of about 4 million current and former federal employees.
U.S. officials suspect the cyber attack originated in China, according to media reports.
The Office of Personnel Management detected new malicious activity affecting its information systems in April and the Department of Homeland Security said it concluded at the beginning of May that the agency’s data had been compromised.
The breach affected OPM’s IT systems and its data stored at the Department of the Interior’s data center, which is a shared service center for federal agencies, a DHS official said on condition of anonymity. The official would not comment on whether other agencies’ data had been affected.
OPM had previously been the victim of a cyberattack, as have various federal government computer systems at the State Department, the U.S. Postal Service and the White House.
The FBI is investigating the breach, DHS said in a statement.
Since the intrusion, OPM said it had implemented additional security precautions for its networks. It said it would notify the 4 million people affected and offer credit monitoring and identity theft services to the people affected.
(This story was updated with additional information)
