The Federal Bureau of Investigation has deemed a recent cyber intrusion by suspected Chinese hackers into a sensitive internal surveillance system a "major incident."

The designation under the Federal Information Security Modernization Act, or FISMA, indicates the breach poses significant risks to U.S. national security, potentially involving the compromise of swaths of sensitive data on FBI systems. FISMA requires agencies to report such incidents within seven days if they could result in demonstrable harm to national security, foreign relations, public confidence, or civil liberties. Former FBI cyber official Cynthia Kaiser noted that thresholds for major incidents are high, with only a few declared annually across agencies.

The targeted system is unclassified but contains law enforcement sensitive information, including returns from pen register and trap-and-trace surveillance devices, as well as personally identifiable information on subjects of FBI investigations. These tools capture metadata, such as calls to or from specific phones and websites visited by targeted devices, but not the content of the communications. Such data reveals FBI surveillance targets and could aid foreign intelligence or criminal groups.

U.S. investigators detected abnormal log activity on February 17 and attributed the sophisticated intrusion to hackers affiliated with the Chinese government. The breach leveraged a commercial internet service provider's vendor infrastructure. Remediation and forensic work continue; the FBI notified Congress of suspicious activity on March 4 and of the major incident status earlier this week.

A White House meeting in early March included officials from the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency to address the breach. One U.S. official called the FBI's response quick but embarrassing, stating, "This is just a reminder that any unpatched vulnerability or any architectural weakness is going to be exploited by an adversary of this caliber."

The incident is not linked to a recent Iranian hack of FBI Director Kash Patel's emails. It follows earlier reports of Chinese state-sponsored activity, including the Salt Typhoon group's infiltration of U.S. telecoms and government networks since 2024.

Sen. Mark Warner, top Democrat on the Senate Intelligence Committee, said, "This incident is yet another stark reminder that the threat from sophisticated cyber adversaries like China has not gone away; in fact, it’s growing more aggressive by the day."

The FBI has declined to publicly comment on the designation.