The CIA has decided to withdraw its staff from the US embassy in China after data stolen from government computers could expose its agents, the Washington Post reports.
In April, data about some 21 million federal employees was stolen in a massive attack on the US Office of Personnel Management (OPM).
Security companies have blamed Chinese state hackers for the attack.
Removing the CIA staff was “precautionary”, agency officials told the Washington Post.
The CIA declined to comment directly on the matter.
Information about CIA staff was not in the massive cache of files stolen from OPM computers, but other records about background checks carried out by the State Department on employees were copied in the raid.
The CIA fears that by comparing the list of those who have been checked with the roster of known embassy personnel could help the Chinese expose its intelligence workers.
Those working at the embassy but not checked by the State Department were CIA agents, said the newspaper, citing “unnamed officials”.
The danger that trawling through the data would expose intelligence agents was also raised by CIA Director James Clapper during a hearing before the Senate Armed Services Committee.
James Clapper said the breach had “potentially very serious implications” for the intelligence community by identifying its agents in other countries.
“This is a gift that’s going to keep on giving for years,” he told the Senate committee looking into the cyber-threats facing the US and the steps the nation took to combat them.
James Clapper added the US itself engaged in the types of cyber-attacks China had been accused of.
Chinese hackers appear to have accessed sensitive data on US intelligence and military personnel, American officials say.
Details of a major hack emerged last week, but officials have now given details of a potential second breach.
It is feared that the attack could leave US security personnel or their families open to blackmail.
The Office of Personnel Management (OPM), is yet to comment on the reports.
Officials, who spoke on condition of anonymity to the Associated Press, believe the attackers have targeted the forms submitted by intelligence and military personnel for security clearances.
The document includes personal information – everything from eye color, to financial history, to past substance abuse, as well as contact details for the individual’s friends and relatives.
Photo Getty Images
A 127-page vetting document called Standard Form 86 may have been accessed. Among the questions potential employees are asked:
In the past seven years, have you defaulted on any loans?
Have you ever voluntarily sought counseling or treatment as a result of your use of alcohol?
In the last seven years, have you illegally used any drugs or controlled substance?
A White House statement said investigators had a “high degree of confidence” that background information on government employees had been accessed.
Joel Brenner, a former US counterintelligence official, called the data a “gold mine” for hackers.
It is also believed the breach of personal data of US government workers announced last week may be far larger than previously reported.
Initial estimates put the number of people potentially affected at four million, but officials close to the investigation told AP that as many as 14 million might be involved.
The US has said the hackers, thought to be behind both attacks, are believed to be based in China. Beijing called the claims “irresponsible”.
The Obama administration meanwhile announced further measures to beef up cybersecurity on June 12.
A White House statement said: “Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.