Bolton Confirms China was Behind OPM Data Breaches

The White House confirmed that China is to blame for the two massive data breaches that exposed personal data of over 20 million federal employees.

If there was any doubt about who was behind the two massive data breaches at the Office of Personnel Management, now it can be laid to rest. White House National Security Adviser John Bolton said this week that China was behind the cyber attacks that breached OPM’s computer systems.

“You may recall seeing about the hacking of the Office of Personnel Management by China, where potentially millions of personnel records—my own included, and maybe some of yours, from former government employees—has now found a new residence in Beijing,” Bolton told reporters on Thursday.

“That’s the kind of threat to privacy from hostile foreign actors that we’re determined to deter,” he added.

Bolton was making the comments with respect to a new cybersecurity strategy unveiled by the White House this week. According to the White House, the new strategy “identifies bold new steps the Federal Government will take to protect America from cyber threats and strengthen our capabilities in cyberspace.”

The two data breaches at OPM left the personal data of over 20 million current and former federal employees exposed. Among the data left vulnerable were social security numbers, home addresses, and fingerprints of current and former federal workers.

The fallout from the event led to the resignations of both OPM’s director at the time, Katherine Archuleta, as well as the chief information officer, Donna Seymour.

The government offered free identity theft monitoring for those who were impacted as part of its damage control process after the breaches were announced, but that only lasts through 2026. Legislation was recently reintroduced in Congress to give free lifetime coverage to data breach victims. It is unlikely to pass, however.

Reports from government auditors issued earlier this year showed they still had concerns about OPM’s IT security, policies and procedures in the wake of the breaches. See OPM’s IT Systems Still Lacking Nearly Three Years After Data Breaches

About the Author

Ian Smith is one of the co-founders of He has over 20 years of combined experience in media and government services, having worked at two government contracting firms and an online news and web development company prior to his current role at FedSmith.