FBI labels suspected Chinese breach of surveillance management network a "major incident"

The FBI has formally designated a suspected Chinese cyber intrusion into its internal surveillance management system as a "major incident" under federal law, the government's most severe cybersecurity classification. The breach was first detected on February 17 after analysts observed abnormal log activity. Officials said the attackers targeted an unclassified network used to administer court-authorized wiretaps and intelligence surveillance warrants. The affected environment held law-enforcement sensitive information, including call metadata, pen register and trap-and-trace returns, and personally identifiable information tied to subjects of active FBI investigations. Investigators believe the intruders entered through the infrastructure of a commercial ISP vendor rather than by directly compromising FBI systems, a supply-chain pathway resembling the "Salt Typhoon" campaign that hit major U.S. telecom providers in 2024. Former FBI cyber-division officials noted that the FISMA "major incident" threshold is rarely applied to the bureau's own systems. The classification requires notification to Congress and reflects the FBI's assessment that both personal-data exposure and acute national-security risks are involved. The White House, NSA, DHS, and CISA are participating in the investigation. The incident is the second major breach of U.S. law-enforcement data reported under the current administration.