Nearly 4 million past and current federal employees may have fallen victim to the latest cybersecurity attack against the Office of Personnel Management.
The federal agency said in a statement that it discovered the breach in April, during a recent push to update the its "cybersecurity posture." OPM says people's names, social security numbers, dates and places of birth, and current and former addresses were hacked.
The department says once it discovered the breach, it "immediately implemented additional security measures to protect the sensitive information it manages." OPM is also partnering with the U.S. Department of Homeland Security's U.S. Computer Emergency Readiness Team and the FBI to determine how federal personnel will be affected.
OPM says it will notify people affected between June 8 and June 19. In January, President Obama proposed that companies should tell people if their data has been hacked within 30 days; the timeline announced today is outside of that window.
OPM also says it will offer affected individuals credit monitoring services and identity theft insurance at no cost.
NPR's Brian Naylor told our Newscast Unit that this isn't the first time OPM's computers have been hacked by someone seeking sensitive information. China was believed responsible for the last attack. And though the Office of Personnel Management has yet to indicate where this latest attack originated from, The Washington Post reports China is responsible for it as well, citing unnamed government officials. The Post says this is part of an ongoing pattern of Chinese cyberattacks:
"China is one of the most aggressive nations targeting U.S. and other Western states' networks. In May of 2014, the United States announced the indictments of five Chinese military officials for cyber economic espionage—hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information."