China-linked hackers appear to have gained access to sensitive background information submitted by U.S. intelligence and military personnel for security clearances that could potentially expose them to blackmail, the Associated Press reported on Friday.
In a report citing several U.S. officials, the news agency said data on nearly all of the millions of U.S. security-clearance holders, including the Central Intelligence Agency, National Security Agency and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management.
It said more than 2.9 million people had been investigated for a security clearance as of October 2014.
The OPM did not immediately respond to requests for comment, but a senior U.S. official confirmed that U.S. investigators had discovered a separate attack on the OPM that targeted sensitive information about government employees similar to a hacking incident revealed last week.
The official, who spoke on condition of anonymity, could not confirm that the information obtained was from U.S. intelligence and military personnel but did say it was "a different set of OPM systems and data" to that of the hack disclosed last week and did involve background data and security clearances.
A source familiar with the investigation said U.S. investigators suspected a similar Chinese link to the other hacking incident.
Earlier on Friday, the White House said it could not confirm another AP report that as many as 14 million current and former U.S. government employees had their personal information exposed to hackers in the other OPM breach.
The government said last week that the records of up to 4 million people had been compromised, making it one of the biggest known attacks on U.S. federal networks. White House spokesman Josh Earnest said the investigation was continuing into this breach.
The AP report said a form authorities believed to have been accessed in the breach involving the intelligence and military personnel, Standard Form 86, required applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies.
The form required the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion, the report said. The form also required the applicant's Social Security number and that of their cohabitant.
Later on Friday, without referring to the AP report, the Obama administration said it had ordered federal agencies to take extra steps to protect U.S. government computer systems.
“Recent events underscore the need to accelerate the Administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” the White House said in a statement outlining its security measures.
Friday's reports came as President Barack Obama's top national security adviser, Susan Rice, met with a top Chinese military officer, General Fan Changlong, at the White House and stressed the need for the United States and China to narrow disagreements, including on cyber security.
China, which is also at odds with the United States over Beijing's increasingly assertive pursuit of territorial claims in the South China Sea, has rejected as irresponsible any allegations that it was behind the hacking.
The cyber attacks and tensions over the South China Sea threaten to overshadow broader annual U.S.-China talks covering economic and strategic ties between the word's two biggest economies from June 22-24.
U.S. government officials and cyber analysts say Chinese hackers are using high-tech tactics to build massive databases that could be used for traditional espionage, such as recruiting spies, or gaining access to secure data on other networks.
The OPM incident disclosed last week gave the hackers access to a trove of personal information, including birth dates, Social Security numbers, previous addresses and security clearances.
One official said the stolen information would enable an intelligence service to chart out relationships among U.S. government employees and build pictures of individuals and their families, potentially enabling them to figure out ways to target or blackmail people for espionage purposes.