WASHINGTON: Hackers linked to China appear to have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, several US officials said on Friday, describing a second cyberbreach of federal records that could dramatically compound the potential damage.
The forms authorities believed to have been accessed, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies.
They also require the listing of contacts and relatives, potentially exposing any foreign relatives of US intelligence employees to coercion. Both the applicant's national identification number and that of his or her cohabitant is required.
Also read: N. Korea threatens strikes on US amid hacking row
The officials spoke on condition of anonymity because the security clearance material is classified.
“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top US counterintelligence official.
“That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That is a gold mine. It helps you approach and recruit spies.”
The Office of Personnel Management, a central personnel database, which was the target of the hack, has not officially notified military or intelligence personnel whose security clearance data was breached, but news of the second hack was starting to circulate in both the Pentagon and the CIA.
The officials said they believe the hack into the security clearance database was separate from the breach of federal personnel data announced last week, a breach that is itself appearing far worse than first believed.
It could not be learned whether the security database breach happened when an OPM contractor was hacked in 2013, an attack that was discovered last year. Members of Congress received classified briefings about that breach in September, but there was no mention of security clearance information being exposed. The OPM had no immediate comment on Friday.
Nearly all of the millions of security clearance holders, including CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach, the officials said.
More than 2.9 million people had been investigated for a security clearance as of October 2014, according to government records.
In the hack of standard personnel records announced last week, two people briefed on the investigation disclosed, Friday, that as many as 14 million current and former civilian US government employees have had their information exposed to hackers, a far higher figure than the 4 million the Obama administration initially disclosed.
American officials have said that cyber theft originated in China and that they suspect espionage by the Chinese government, which has denied any involvement.
The newer estimate puts the number of compromised records between 9 million and 14 million going back to the 1980s, said one congressional official and one former US official, who spoke to the Associated Press on condition of anonymity because information disclosed in the confidential briefings includes classified details of the investigation.
There are about 2.6 million executive branch civilians, so the majority of the records exposed relate to former employees. Contractor information also has been stolen, officials said.