The employee records from the Central Intelligence Agency were not included in the data cache from the Office of Personnel Management hack, according to government officials. However, that doesn’t mean the CIA has been unaffected by the breach. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled “a number of officers” from the US Embassy in Beijing as a precautionary measure following the breach—precisely because their names would not appear in State Department personnel files believed to have been obtained by Chinese intelligence operatives.
The question of how to respond to the OPM breach was raised yet again during testimony by intelligence and defense officials on September 29 before the Senate Armed Services Committee. The hearing on “United States Cybersecurity policy and threats” delved into the distinction being made by the Obama administration between electronic economic espionage and the hacking of government agencies and why the breach at the OPM was not considered an attack warranting a proportionate response from the US. No US official has gone on the record to attribute the OPM breach to China.
Director of National Intelligence James Clapper told the committee that while “we don’t know in terms of specifics” what was taken in the OPM breach, it had “potentially very serious implications, first among them close to home [for me] in terms of the Intelligence Community and identifying people who may be under public status… This is a gift that’s going to keep on giving for years.” Still, he said, as “egregious” as the OPM breach was, it didn’t amount to an attack on national infrastructure. “Rather, it would be a form of theft or espionage. We, too, practice cyber espionage. We’re not bad at it.”