The Office of Personnel Management houses personal information for all federal employees. Those applying for security clearances would be expected to provide such information as foreign contacts, previous jobs, past drug use and other personal details, the newspaper reported.
The Times quoted an unidentified senior U.S. official as saying that the attack had been traced to China but that it wasn't clear whether the hackers were part of the government.
The Office of Personnel Management oversees a system by which federal employees applying for security clearances enter financial data and other personal information, the Times said, and those who maintain such clearances are required to update their information through that system. Agencies and contractors use the information to investigate employees.
The attack in March was not announced, even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.
"The administration has never advocated that all intrusions be made public," Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. "We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers' personal information. We have also advocated that companies and agencies voluntarily share information about intrusions."
Hayden said the administration had no reason to believe that personally identifiable information for employees had been compromised.