While China has long been suspected of launching the massive cyberattacks against the U.S. Office of Personnel Management (OPM) earlier this year, a new probe into the breaches shows the culprits may not be affiliated with the country’s government after all.
While it remains unclear who conducted the investigation or if the Chinese and U.S. governments have agreed upon its results, Xinhua said that the OPM breach was discussed during a meeting this week on cybersecurity which was attended by each government’s officials in Washington, D.C.
The talks, scheduled to take place on Tuesday and Wednesday of this week, are the first since the U.S. and China signed a Memorandum of Understanding in September to establish an agreement on trade and information security.
The OPM has remained under intense scrutiny from lawmakers in the wake of the hacks, which compromised nearly 22 million digital records of both former and current federal employees and contractors, as well as 19.7 million forms with data and more than 5 million fingerprints.
The scope of data pilfered runs the gamut from “every person’s Social Security number, military records, veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information,” J. David Cox, president of the American Federation of Federal Employees, which represents more than 670,000 workers, said in a letter in June.
Just weeks ago, the agency announced it was hiring a new cyber and information technology advisor to help improve and scale its security measures.
“To help build on the federal government’s efforts to strengthen our cybersecurity posture and provide assistance to individuals impacted by the recent cyber intrusions, we must recruit and retain a variety of highly motivated and qualified individuals from this constantly evolving field,” Acting Director Beth Cobert said in a news release.
Despite its reported efforts to beef up its cyberdefenses and IT systems, new revelations surrounding the devastating attacks that took place earlier this year continue to cast doubt on the agency’s past claims on data security.