Chinese hackers broke into the federal Office of Personnel Management computer system in March, apparently targeting tens of thousands of employees who applied for top-security clearance, The New York Times reported.
The Times, citing "senior American officials," said the breach had been tracked to China, but not necessarily the Chinese government. White House spokesman Josh Earnest said authorities have "no reason to believe that personal identifiable information was compromised."
Hacking has been a major point of contention in the U.S.-China relationship — with each side accusing the other.
The latest revelation comes as China's Communist Party leader Xi Jinping and U.S. Secretary of State John Kerry, meeting in Beijing, vowed to develop better economic and security cooperation. The meeting was the latest in a series of talks designed to improve the sometimes tumultuous relationship.
Kerry, asked about the Times story Thursday, said he had learned about it just as the meetings were getting underway and did not discuss specifics with Chinese officials.
"Apparently this story relates to an attempted intrusion that is still being investigated by the appropriate U.S. authorities," Kerry said. "It does not appear to have compromised any sensitive material. And I'm not going to get into any of the specifics of that ongoing investigation, but we've been very clear for some time with our counterparts here that this is in larger terms an issue of concern."
China quickly dismissed the report Thursday, The Wall Street Journal reported. The Journal quoted China Foreign Ministry spokesman Hong Lei, at his daily briefing, as saying China opposes hacker attacks.
"Some U.S. media and U.S. cybersecurity always smear China and create the theory that China is a cyberthreat, but they can't provide sufficient evidence of that," he said. "We feel strongly that these kinds of reports and comments are irresponsible and not worth a comment or refuting."
American officials told the Times the attack on the OPM was notable because hackers are always trying to breach government servers but seldom succeed.
Last year, the government acknowledged that hackers obtained employee and contractors' personal data at the Department of Energy. Agencies are required to reveal breaches in all cases involving personally identifiable information — but not in cases involving non-personnel-related government secrets.
"The administration has never advocated that all intrusions be made public," Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information. We have also advocated that companies and agencies voluntarily share information about intrusions."
In May, the U.S. made public an indictment accusing Chinese military officials of hacking into several several large U.S. companies, including Westinghouse and U.S. Steel, to steal volumes of trade secrets and intellectual property. It was the first time the U.S. has charged a state actor in a criminal cyber espionage case.
The Chinese hackers, using military and intelligence resources in Shanghai, downloaded massive amounts of industrial information, including strategic plans, from U.S. businesses, the indictment said. The indictment, out of western Pennsylvania, charges five military "hackers," officers in the Chinese People's Liberation Army, with directing a conspiracy to steal information from six American companies in critical industries, including nuclear power, solar power and metals.
No arrests have been made.