The FBI has classified a cyber intrusion into one of its unclassified surveillance systems as a "major incident" under federal law and subsequently notified Congress in writing, the agency confirmed Friday.
The breach, suspected to involve China-linked hackers, targeted a system holding data from pen registers, trap-and-trace devices, and personally identifiable information on investigation subjects.
The FBI initially detected anomalous activity on the network on Feb. 17 and moved quickly to remediate it, the agency said in a statement.
Officials determined the access came through a third-party vendor and met the threshold for a major incident under the Federal Information Security Modernization Act.
Under FISMA, a major incident involves potential demonstrable harm to national security interests, foreign relations, or the economy, or significant risks to personally identifiable information. The designation requires congressional notification within seven days of the determination.
The affected system manages returns from court-authorized surveillance tools that track incoming and outgoing calls and internet activity without capturing the content of conversations. It also stores personal data tied to FBI investigations.
The FBI first told Congress on March 4 that it was investigating suspicious activity on the system. It later attributed the intrusion to sophisticated actors using a commercial internet service provider's infrastructure as an entry point.
Multiple outlets, citing officials and congressional sources, identified China as the suspected perpetrator.
The bureau launched a criminal investigation and cybersecurity review following the breach. It has not publicly detailed the full scope of any data accessed or how long intruders may have remained in the system.
In its statement, the FBI said it "remains focused on countering nation-state and cybercriminal activity" while following required FISMA procedures.
The incident highlights ongoing vulnerabilities in federal networks, particularly those handling sensitive but unclassified law enforcement data.
The attack comes amid broader concerns about supply chain attacks and nation-state efforts to map U.S. surveillance operations.
As of Friday afternoon, the FBI has not released further public details on the extent of the compromise or any potential operational impact.
Jim Thomas
Jim Thomas is a writer based in Indiana. He holds a bachelor's degree in Political Science, a law degree from U.I.C. Law School, and has practiced law for more than 20 years.
© 2026 Newsmax. All rights reserved.