Chinese hackers appear to have accessed sensitive data on US intelligence and military personnel, American officials say.
Details of a major hack emerged last week, but officials have now given details of a potential second breach.
It is feared that the attack could leave US security personnel or their families open to blackmail.
The Office of Personnel Management (OPM), is yet to comment on the reports.
Officials, who spoke on condition of anonymity to the Associated Press, believe the attackers have targeted the forms submitted by intelligence and military personnel for security clearances.
The document includes personal information – everything from eye color, to financial history, to past substance abuse, as well as contact details for the individual’s friends and relatives.
Photo Getty Images
A 127-page vetting document called Standard Form 86 may have been accessed. Among the questions potential employees are asked:
In the past seven years, have you defaulted on any loans?
Have you ever voluntarily sought counseling or treatment as a result of your use of alcohol?
In the last seven years, have you illegally used any drugs or controlled substance?
A White House statement said investigators had a “high degree of confidence” that background information on government employees had been accessed.
Joel Brenner, a former US counterintelligence official, called the data a “gold mine” for hackers.
It is also believed the breach of personal data of US government workers announced last week may be far larger than previously reported.
Initial estimates put the number of people potentially affected at four million, but officials close to the investigation told AP that as many as 14 million might be involved.
The US has said the hackers, thought to be behind both attacks, are believed to be based in China. Beijing called the claims “irresponsible”.
The Obama administration meanwhile announced further measures to beef up cybersecurity on June 12.
A White House statement said: “Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”
President Barack Obama rode in an elevator this month with an armed security contractor who had assault convictions, in what appears to be another security lapse.
It happened on September 16 when Barack Obama visited the Centers for Disease Control and Prevention (CDC) in Atlanta.
The incident came to light on September 30, hours after Julia Pierson, the boss of the Secret Service, was grilled by Congress about a security breach at the White House.
An armed contractor with violent criminal record got in the elevator with President Barack Obama during his visit at the CDC in Atlanta (photo Reuters)
A Secret Service official confirmed the incident but declined to comment.
The gun was found when the man was questioned after taking a video in the elevator and was immediately fired by his employers, according to newspaper reports.
The Washington Post said the man had three convictions for assault and battery.
“This person was within arm’s length of the president with a gun,” said Utah congressman Jason Chaffetz, who was told of the incident by a whistleblower.
It will come as another embarrassment on the day when Secret Service Director Julia Pierson took responsibility before a hostile House oversight committee hearing for an “unacceptable” security breach at the presidential residence.
A second fence has been erected between the White House and a thoroughfare popular with tourists, local residents and workers, days after Omar Gonzalez scaled the main fence and entered the mansion through an unlocked door.
The Secret Service said the new fence created a “temporary buffer zone” while it reviewed its procedures.
The new barrier is a series of linked sections about 3.2ft high.
Omar Gonzalez, 42, is being held in connection with September 19 intrusion.
Authorities say the man was carrying a 3.5in knife and faces charges of unlawfully entering a restricted building carrying a “deadly or dangerous weapon”.
A second fence has been erected between the White House and a thoroughfare popular with tourists, local residents and workers
Omar Gonzalez, an Iraq War veteran, was previously stopped by Virginia police in July. Officers found two powerful rifles, four handguns and other firearms and ammunition in Omar Gonzalez’s vehicle along with a map marking the White House.
An unnamed federal law enforcement official told the Associated Press news agency Secret Service agents had interviewed Omar Gonzalez twice during the summer but concluded there was no evidence he was a security threat.
President Barack Obama and his family were not at the White House when the intrusion happened, having departed about 10 minutes earlier by helicopter.
The new fence went up late Monday evening.
The Secret Service, which protects the president, the vice-president, their families and visiting foreign dignitaries, in addition to other security duties, did not say how long the second barrier would be in place.
A review of security was initiated by Secret Service director Julia Pierson, who also ordered “the immediate enhancement of officer patrols and surveillance capabilities” around the White House.
Pennsylvania Avenue, which runs in front of the north facade of the White House, was closed to vehicular traffic in 1995 but remains highly popular with tourists as well as residents and office workers seeking a short cut through the parks surrounding the president’s home.
Since September 19, Washington DC residents and media figures have angrily rejected the suggestion the Secret Service screen pedestrians and cyclists who want to enter the closed stretch of Pennsylvania Avenue or block it off entirely.
Despite security warnings a shocking number of internet users continue to use some of the most blatant letter and number combinations.
In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts.
ESET carried out a study of the almost half a million account details leaked online by an unknown hacker group, as reported by Yahoo News.
Analysts found that almost 1,700 (0.38%) of the hacked accounts were protected with the password “123456”, while 780 users opted for “password”.
In 2011 “password” was the most commonly used password, according to password management application maker SpashID.
Also in the top 10 were “welcome”,“abc123” and “qwerty”. They are easy to remember but also very easy to guess.
In the wake of a security breach at Yahoo a Slovakian IT security company has released a list of the most commonly used passwords for hacked accounts
ESET advised in a statement: “Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account.”
The security breach happened on Wednesday when a hacker group has posted online the details of 450,000 user accounts and passwords it claimed to have stolen from a Yahoo server.
Anyone who is concerned an account was compromised in the Yahoo attack can visit security company Sucuri’s online check at labs.sucuri.net/?yahooleak.
The Ars Technica technology news website reported that the group, which calls itself D33DS Company, hacked into an unidentified subdomain of Yahoo’s website where they retrieved unencrypted account details.
The affected accounts appeared to belong to a voice-over-Internet-protocol (VOIP), service called Yahoo Voices, which runs on Yahoo’s instant messenger.
The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010.
The hackers’ website where the original claim was made, d33ds.co, was not available later on Thursday.
It was registered in February. Industry website CNET reported the hackers as saying the breach was intended as a ‘wake-up call and not as a threat’ and that Yahoo’s security was lax.
The Voices hack is one of several in recent months.
The business networking service LinkedIn admitted last month that 6.4 million member passwords had been stolen from its website.
US credit firms Visa, Mastercard and Discover have warned that credit card holders’ personal information could be at risk after a security breach.
The companies said there had been “no breach” of its own system, instead blaming a third party.
Security blog KrebsOnSecurity, which first reported the story, said industry sources believed more than 10 million cards may have been compromised.
Reports suggested the stolen details had been obtained in New York.
The Wall Street Journal quoted its own industry sources as saying card-processing firm Global Payments was the company that suffered the breach. Shares in the company fell by more than 9% on Friday.
Global Payments has not responded to requests for comment.
Visa, Mastercard and Discover have warned that credit card holders' personal information could be at risk after a security breach
None of the three companies, which are the three of the largest credit card processors would confirm how many customers were affected.
Visa and Mastercard, also used for debit cards of major US banks, said they had notified banks of the breach.
Discover Financial Services said it was monitoring accounts and would reissue cards if necessary.
In a statement, Mastercard said: “[We are] concerned whenever there is any possibility that cardholders could be inconvenienced and we continue to both monitor this event and take steps to safeguard account information.
“If cardholders have any concerns about their individual accounts, they should contact their issuing financial institution.”
Visa echoed Mastercard’s statement, emphasizing that its customers are not responsible for fraudulent purchases.
Gartner analyst Avivah Litan said she believed the breach was related to a taxi garage in New York City.
“So if you’ve paid a NYC cab in the last few months with your credit or debit card – be sure to check your card statements for possible fraud,” she said.
Sony music confirmed that Michael Jackson’s entire back catalogue has been stolen by internet hackers.
Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by Michael Jackson.
It’s alleged the hackers downloaded more than 50,000 music files, worth over $250 million, in the biggest ever cyber attack on a music company.
The news comes just a year after Sony paid $395 million for the seven-year rights to the songs following Michael Jackson’s death.
The contract with Michael Jackson’s estate also allowed Sony music to release 10 new albums, including material from studio sessions produced during the making of some of the megastar’s biggest albums.
Michael Jackson, who died in June 2009 at the age of 50, had recorded unreleased duets with artists ranging from the late Freddie Mercury and Black Eyed Peas singer Will.i.am.
In April the details of 77 million gamers were stolen after Sony’s Playstation Network was hacked. The breach cost Sony $167 million and hugely damaged their reputation.
Sony music confirmed that Michael Jackson's entire back catalogue has been stolen by internet hackers
The attack on the Michael Jackson files occurred shortly afterwards but has not been revealed until now.
The hack was discovered during routine monitoring of social networking sites, Michael Jackson fan sites and hacking forums.
A source close to Sony said: “Everything Sony purchased from the Michael Jackson estate was compromised.
“It caused them to check their systems and they found the breach. There was a degree of sophistication.
“Sony identified the weakness and plugged the gap.”
The hack has compromised the work of other artists managed by the firm, including songs by Jimi Hendrix, Paul Simon, Olly Murs, the Foo Fighters and Avril Lavigne.
The source added that the second breach happening so soon after the first “would have made investors and artists think, <<What other part of Sony isn’t secure?>>”
Last night Sony admitted there had been a security breach and that the Michael Jackson material had been stolen but refused to say how much the hackers downloaded.
A source within the company said that although the Michael Jackson estate had been told about the hack the company did not have to make the knowledge public as there was no customer data involved.
They added that computer experts had traced the hack to the UK by examining a “fingerprint” allegedly left behind.
The Serious Organised Crime division took up the case and two men appeared in court last week charged with offences under the computer Misuse Act.
They denied all charges and were remanded on bail.