The FBI has arrested a Chinese national who is facing charges related to the malware used in the 2015 data theft from the Office of Personnel Management computer systems — a breach that exposed the personal information of millions of people — according to US officials briefed on the investigation.
The arrest was made Wednesday after the man entered the US to attend a conference, according to the officials.
He faces charges related to creation of the Sakura malware, which the FBI has said was used the breach.
It was one of the worst data breaches to hit the US government, with hackers stealing sensitive information, including Social Security numbers, from security clearance forms of millions of government workers and job applicants.
The personal information of more than 21 million current and former US government employees or their spouses were compromised in the data breach.
An FBI spokeswoman confirmed the arrest.
OPM has said the breach compromised sensitive personal information of roughly 21.5 million people from both inside and outside the government. Of these, hackers obtained information from the security clearance applications — known as SF-86’s — of 19.7 million people. Another 1.8 million were non-applicants for US government jobs, mostly spouses and partners of applicants.
The FBI blamed the breach on Chinese government hackers and considered the damage to be potentially far-reaching to US national security.