The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.
The hackers were believed to be based in China, said Sen. Susan Collins, a Maine Republican.
Collins, a member of the Senate intelligence committee, said the breach was “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances.”
A U.S. official who declined to be identified said the data breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen. Former government employees are affected as well.
“This is an attack against the nation,” said Ken Ammon, chief strategy officer of Xceedium, who said the attack fit the pattern of those carried out by nation states for the purpose of espionage.
The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The agency said it is offering credit monitoring and identity theft insurance for 18 months to individuals potentially affected.
Senate Intelligence Committee Chairman Richard Burr (R-N.C.), said the government must overhaul its cybersecurity defenses. “Our response to these attacks can no longer simply be notifying people after their personal information has been stolen,” he said. “We must start to prevent these breaches in the first place.”