The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees.
“As a result of the incident,” uncovered in April, the Office of Personnel Management said it “will send notifications to approximately four million individuals.”
It added that additional exposures “may come to light.”
The government’s personnel department handles hundreds of thousands of sensitive security clearances and background investigations on prospective employees each year.
It was not immediately clear whether the hack affected President Barack Obama, other senior government officials or the intelligence community.
The Washington Post and other US media cited government officials as saying that Chinese hackers were behind the breach.
But the Chinese embassy in Washington countered that such attacks would not be allowed under Chinese law.
“Jumping to conclusions and making hypothetical accusations is not responsible and counterproductive,” embassy spokesman Zhu Haiquan said.
“Chinese laws prohibit cyber crimes of all forms. China has made great efforts to combat cyber attacks in accordance with Chinese laws and regulations,” he added.
The FBI and Department of Homeland Security are said to be leading the investigation. The FBI in a statement said it “will continue to investigate and hold accountable those who pose a threat in cyberspace.”