FBI Labels Chinese Hack of U.S. Surveillance System a Major Security Incident

China is the identified culprit behind a cyber breach of FBI systems that poses a direct threat to national security, and the bureau has formally classified the intrusion as a "major incident," a legal designation with immediate institutional consequences. The hack targeted FBI systems in the Virgin Islands, not FBI headquarters, according to a source familiar with the matter, with a senior law enforcement official confirming the national security risk.

Investigators have not formally named the threat actor responsible for the breach, but the methods described in the congressional notification closely resemble those used by Salt Typhoon, the advanced persistent threat group linked to China's Ministry of State Security.

Under federal law, a cyber breach is declared a "major incident" only if it involves the compromise of personally identifiable information that could cause demonstrable harm. That determination signals the FBI concluded hackers successfully extracted or accessed significant data held directly on bureau systems. The formal declaration carries immediate consequences: it obliges the FBI to brief relevant congressional oversight committees, produce a remediation plan, and submit to scrutiny from the Office of Management and Budget.

Salt Typhoon's reach across American infrastructure runs deep. The group came to widespread public attention in 2024, when it was revealed to have breached nine major U.S. telecommunications companies, including AT&T, Verizon, and Lumen Technologies. That campaign gave the group access to call records covering a substantial portion of the U.S. population and allowed it to intercept communications from senior government officials, Trump campaign staffers, and Biden administration personnel. Exploiting systems used to fulfill CALEA requests, the hackers accessed metadata from the calls and text messages of more than a million users, most located in the Washington, D.C. metro area, and in some cases obtained actual audio recordings of telephone calls. Senator Mark Warner, chairman of the Senate Intelligence Committee, called that earlier telecom campaign "the worst telecom hack in our nation's history."

The FBI breach is the second major hack of U.S. law enforcement data under the current administration. In mid-2025, suspected Russian-linked hackers breached the case management system used by federal judicial districts, accessing sensitive data and reportedly attempting to alter court records in cases involving Russian government suspects. March 2026 alone brought three separate FBI cybersecurity incidents: the surveillance network breach, disclosure that a 2023 hack of the bureau's New York field office had exposed files from the Jeffrey Epstein investigation, and a breach of FBI Director Kash Patel's personal email.

The bureau is simultaneously grappling with internal staff reductions and a proposed budget cut of approximately $500 million that critics argue has weakened the very cyber defenses now under attack.

Ross Filipek, chief information security officer at Corsica Technologies, said that if Salt Typhoon's involvement is confirmed, "the impact could extend beyond a single incident into a sustained counterintelligence problem." FBI Deputy Assistant Director Michael Machtinger underscored that alarm at an industry conference in February 2026, stating that Salt Typhoon's threats were "still very much present today."

The architecture of the breach carries a particular irony: by targeting CALEA-compliant systems, the suspected hackers turned the government-mandated wiretap infrastructure designed to aid American law enforcement into a sustained entry point for Chinese intelligence. The FBI's own surveillance systems now appear to be the latest victim of the same logic.