US unlikely to blame China publicly over OPM data breach - officials

WASHINGTON: While it privately points the finger at China for massive hacking into the personal data of millions of federal employees, the US government does not plan to publicly blame Beijing, US officials said on Wednesday.

President Barack Obama's administration is still debating how it should respond to the breaches, which American officials acknowledge were huge and damaging. China denies any involvement in hacking US databases.

US officials have said basic job application data submitted by 4.2 million people was hacked in a breach disclosed in April and more sensitive security clearance application and investigation data related to 21.5 million Americans was compromised in a hack revealed in May.

The US officials, who spoke on condition of anonymity, said the hacks were arguably the worst breaches of officially held personal data in U.S. history.

But they and other experts said that targeting sensitive government data, including employees' personal data, is the kind of activity expected of foreign spy agencies.

"This really falls more in the world of traditional espionage. It’s sort of more shame on us than anything else," said Brian Finch, a cybersecurity expert with the Pillsbury law firm in Washington. "We just got had if you will by the Chinese government and it’s really more our fault than anything else."

US government bodies, including spy agencies, also spy on foreign governments and conduct sweeping data-collection. This includes, for example, tapping into undersea telecommunications cables, as exposed in documents leaked by former National Security Agency contractor Edward Snowden.

Some U.S. government sources said Washington would prefer to avoid engaging with China and other governments in public spats over activities that the United States itself pursues. They fear this could provoke foreign spies either to step up intelligence collection or tighten security measures, or both.

There was some support in Congress for publicly naming China.

"I think there is a lot of deterrence value in showing that you know who the adversary is," said Republican Senator Susan Collins, a member of the Senate Intelligence Committee, as she introduced legislation to boost government cybersecurity.

US officials said the Obama administration had not totally ruled out retaliatory measures against China for the hacking.

Even if new sanctions or other actions were undertaken, it was also possible Washington would not publicly link this to the hacking attacks, but rather advise China privately that the penalties are related to hacking, they said.