Hackers with suspected links to China appear to have accessed sensitive data on US intelligence and military personnel, American officials say.
Details of a major hack emerged last week, but officials have now given details of a potential second breach.
It is feared that the attack could leave US security personnel or their families open to blackmail.
The agency involved, the Office of Personnel Management (OPM), is yet to comment on the reports.
Officials, who spoke on condition of anonymity to the Associated Press (AP) news agency, believe the attackers have targeted the forms submitted by intelligence and military personnel for security clearances.
The document includes personal information – everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual’s friends and relatives.
Loans and drug use
A 127-page vetting document called Standard Form 86 may have been accessed. Among the questions potential employees are asked:
- In the past seven years, have you defaulted on any loans?
- Have you ever voluntarily sought counselling or treatment as a result of your use of alcohol?
- In the last seven years, have you illegally used any drugs or controlled substance?
A White House statement said investigators had a “high degree of confidence” that background information on government employees had been accessed.
Joel Brenner, a former US counterintelligence official, called the data a “gold mine” for hackers.
It is also believed the breach of personal data of US government workers announced last week may be far larger than previously reported.
Initial estimates put the number of people potentially affected at four million, but officials close to the investigation told AP that as many as 14 million might be involved.
Previous hack attacks on US government
- In November 2014 a hack compromised files belonging to 25,000 employees of the Department of Homeland Security, as well as thousands of other federal workers
- In March 2014 hackers breached OPM networks, targeting government staff with security clearance, but the attempt was blocked before any data was stolen. The intrusion was traced to China
- In 2006, hackers believed to be based in China breached the system of a sensitive bureau in the US Department of Commerce. Hundreds of workstations had to be replaced
The US has said the hackers, thought to be behind both attacks, are believed to be based in China. Beijing called the claims “irresponsible”.
The Obama administration meanwhile announced further measures to beef up cybersecurity on Friday.
“Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” a White House statement said.