U.S. officials say they are still trying to assess the damage caused by a massive cyberattack on the federal government, while a union representing federal workers on Thursday claimed that the information of every current and retired federal employee was exposed.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," J. David Cox, president of the American Federation of Government Employees, said in a letter to the Office of Personnel Management.
The breach of OPM data is considered to be the largest cyberattack in U.S. history, and the office has said around four million current and former federal workers may have had their personal information compromised.
"Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees."
A spokesman for the OPM said the union’s claims are not accurate, and that the number of people whose information was compromised is no different than the office reported last week.
Around 4.2 million people may have had their information compromised, OPM spokesman Sam Schumach told NBC News Thursday, a number that includes 2.1 million active workers; 1 million retirees; and 1.1. million separated workers.
Senator Harry Reid, who was briefed on the attack, has said China was behind it. Sources have told NBC News that the scale of the attack points to the Chinese government as the perpetrator, rather than a non-state actor.
China has denied any involvement, and last week accused the U.S. of making “groundless accusations.”
Some intelligence agencies were included in the hack, and some of their employees with higher clearances could have been exposed, NBC News has learned.
Particularly damaging is the fact that contacts including friends, relatives and foreign associates of those seeking security clearances were also obtained — which could be used to compromise diplomats as well as energy and commerce officials who deal with nuclear and trade secrets and others in national security positions.
Deputy National Security Advisor Ben Rhodes said in an interview Thursday that officials were still trying to determine how much information was compromised.
"We're still going through the damage assessment. Clearly there was a significant breach,” Rhodes said on MSNBC.
"I think it's not a surprise to anybody that you have foreign governments, particularly governments like China, that have been adversarial in the cyberspace, who may try to collect information on U.S. personnel, U.S. government officials, who may be willing and seeking to conduct espionage," he said.
Rhodes said the cyberattack appears to be a broad intrusion rather than targeting the information of specific individuals.