BEIJING — China accused the United States of making “groundless accusations” and being “irresponsible” Friday in blaming Chinese hackers for a vast data breach that could be the biggest cyberattack in U.S. history.
Four million federal workers may have had their personal information compromised in the attack, which officials said could affect every agency of the U.S. government.
U.S. officials and lawmakers identified the likely culprit as China, which has been suspected of involvement in previous government hacks.
Sen. Susan Collins (R-Maine), a member of the Senate Intelligence Committee, said the hack was "extremely sophisticated," and "that points to a nation state" as the responsible party, likely China.
"We're still evaluating how serious the breach is, but if it does involve the compromising of the personal records of four million Americans, I certainly think that a strong response is warranted," she said.
However, China’s foreign ministry spokesman Hong Lei told NBC News that it was very hard to prove who was responsible for cyber attacks.
“Without the thorough investigation, you jump to a conclusion so quickly. We think it is not scientific and is irresponsible."
He stopped short of an outright denial but said China was against cyberattacks. "We are very firm on this,” he said.
"We hope the United States side could discard this kind of suspicion and stop groundless accusations. We would like to see more trust and cooperation from the U.S.," he added.
The compromised data was stored in a system shared by the Interior Department and the Office of Personnel Management, which screens and hires federal workers and approves security clearances for 90 percent of the federal government.
U.S. officials told NBC News that, so far, the breach doesn't appear to be the "worst-case scenario" — compromise and disclosure of the identities of the covert CIA agents.
Beginning Monday, approximately four million current and former government employees will notified that their personal information — including names, Social Security numbers and birth dates — might have been hacked.
"I fear a cyber-'Pearl Harbor' is increasingly likely if we do not invest in the necessary infrastructure to protect our nation"
The OPM announced Thursday that all those potentially affected will be given help with credit reports and identity theft insurance, and posted guidance for anyone who suspects their data might have been compromised.
The National Treasury Employees Union, which represents workers in 31 federal agencies, said it is encouraging members to sign up for the monitoring as soon as possible.
The FBI is leading the investigation into the breach, which was discovered in April.
Experts said stolen information could be used for financial gain or to identify intelligence targets.
"If they know someone has a large financial debt, or a relative with a health condition, or any other avenues that make them susceptible to monetary targeting or coercion, that information would be useful,” said Adam Meyers, vice president for intelligence at Irvine, California-based CrowdStrike, which has studied Chinese hacking groups extensively. Chinese groups have persistently attacked U.S. agencies and companies, including insurers and health-care providers, Meyers said.
Lawmakers said the new breach was further proof that it's time for the U.S. to take strong action to harden its computer networks.
Lindsey Graham (R-South Carolina) said he feared the breach was “yet another example of America being walked over by rivals and adversaries,” adding: “The Obama administration's failures in foreign policy and national security continue to pile up yet they do nothing to change course. I fear a cyber-'Pearl Harbor' is increasingly likely if we do not invest in the necessary infrastructure to protect our nation."
Adam Schiff (D-California), the top Democrat on the House Intelligence Committee, called the new attack "most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses."