The Department of Homeland security released a statement Thursday warning that personnel data from the Office of Personnel Management and the Interior Department may have been compromised by a cyberattack. The statement read: 

Advertisement
"The U.S. Office of Personnel Management (OPM) has identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information (PII).
Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM detected a cyber-intrusion affecting its information technology (IT) systems and data. 

The intrusion predated the adoption of the tougher security controls. OPM has partnered with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to Federal personnel. OPM continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible. 

Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network. As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised. Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary..."

According to The Associated Press, Senator Susan Collins (R-Maine) said that the hackers are believed to be based in China, though a spokesman for the Chinese Foreign Ministry dismissed the allegations. Collins described the breach as "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."