FBI Labels China-Linked Hack a Major Cyber Incident Targeting Sensitive Data

A suspected China-linked breach of an FBI-managed surveillance system was formally labeled a “major cyber incident,” a rare designation that signaled hackers likely accessed highly sensitive law enforcement data with implications for U.S. national security and ongoing investigations (nbcnews +1). The intrusion, first detected on February 17, targeted an unclassified but “law enforcement sensitive” system that stores surveillance returns and personally identifiable information on FBI investigative subjects (politico).

The FBI told lawmakers the attackers broke in by exploiting infrastructure used by a commercial internet service provider’s vendor, effectively turning a private-sector foothold into a doorway into federal systems (politico). The White House convened senior officials from the FBI, NSA and CISA in early March to assess the damage, while the bureau said publicly on March 5 it had “identified and addressed suspicious activities” and deployed all available technical capabilities in response (hstoday +1).

What Was Breached — And Why It Matters for Investigations

According to a congressional notice described by multiple outlets, the compromised system holds “returns from legal process, such as pen register and trap and trace surveillance returns,” along with other law-enforcement-sensitive records and identifying data (politico). That means hackers may have obtained metadata about calls and other communications collected under court orders, potentially revealing who the FBI was targeting, when, and how.

Officials and former agents warned such access could expose investigative methods and enable a foreign intelligence service to map U.S. law enforcement priorities or identify human sources (nbcnews +1). One former senior FBI cyber official said China seeks “any information that can help them identify and track their own targets,” adding that intercept data and related metadata would directly advance that goal (nbcnews). The full scope of what was accessed has not been made public, and no numbers of affected individuals have been disclosed.

A New Front in the U.S.–China Cyber Confrontation

U.S. investigators assessed the hackers used tactics similar to the 2024 “Salt Typhoon” campaign, in which Chinese state-linked actors infiltrated major telecom and internet providers and siphoned call records and wiretap-related data at massive scale (nbcnews +1). That earlier operation touched networks serving hundreds of millions of users and yielded more than a million call records, according to subsequent analysis (cisoseries), underscoring how access to telecom and vendor infrastructure can be repurposed against government systems.

The FBI’s decision to invoke the “major incident” label under federal cybersecurity law — a threshold former officials say is reached only a few times a year across government — immediately fed calls in Congress for tougher measures against Chinese cyber operations (politico). Some lawmakers and experts urged more aggressive disruption campaigns, sanctions and stricter cybersecurity mandates for telecoms and critical infrastructure, while others cautioned that highly visible retaliation could escalate an already volatile cyber standoff with Beijing and further complicate broader U.S.-China relations (cisoseries +1).

The Bigger Picture

The breach deepened a pattern in which Chinese government-linked hackers target the connective tissue of U.S. digital life — telecom backbones, vendors and unclassified but sensitive government systems — to quietly harvest data that can be mined for intelligence over years (nbcnews +1). It also sharpened a policy debate in Washington over whether current defenses, reporting rules and deterrence strategies are adequate for an era when adversaries can move from private networks into some of the FBI’s most sensitive investigative tools.