The U.S. government's human resources agency appears to be the victim of a second major cyber attack. China-linked hackers are believed to be responsible for both cyber intrusions, a claim China dismisses as "irresponsible."
The second attack on the Office of Personnel Management, or OPM, allowed hackers to access highly sensitive background information submitted by intelligence and military personnel for security clearances for several agencies, including the Central Intelligence Agency and the National Security Agency, anonymous U.S. officials said.
The deeply personal data needed to obtain security clearances includes information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. Applicants must also supply information on contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion.
In the first attack on OPM, announced last week, the hackers were reported to be in possession of sensitive personnel information on millions of federal workers. OPM said as many as four million current and former federal employees may have been affected by the December hacking.
However, the American Federation of Government Employees, a labor union, said Thursday that the hackers are in possession of personnel information on all federal employees.
The AFGE said the breach represents an "abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce."
The second cyber attack was discovered during an investigation into the attack against federal employees.
The cyber attacks come two years after a federal government contractor, Edward Snowden, was able to steal tens of thousands of the National Security Agency's most sensitive documents.
Some material for this report comes from AP, AFP and Reuters.