FBI alerts Congress to China-linked cyber breach classified as ‘major incident’

FBI officials notified members of Congress that a cyber breach tied to China had been classified as a “major incident,” a federal designation reserved for intrusions that could threaten national security. The disclosure, first detailed by Fox News Digital, landed just weeks before President Donald Trump is scheduled to meet Chinese leader Xi Jinping in Beijing.

The hack targeted FBI systems located in the Virgin Islands, not the bureau’s headquarters. Fox News reported that China was the culprit. What exactly was compromised remains unclear, but the affected system contained law enforcement sensitive information, the kind of data no foreign adversary should ever touch.

The timeline tells its own story. Bureau officials first flagged suspicious activity to Congress on March 4, Politico reported. Weeks passed. Then, last week, the FBI elevated the breach to “major incident” status under the Federal Information Security Modernization Act, the 2014 law known as FISMA. That statute requires agencies to notify Congress of major security incidents within seven days after concluding a major incident has occurred.

A pattern Beijing keeps repeating

This breach did not happen in a vacuum. It arrived several months after FBI Director Kash Patel traveled to China to press leaders there to cut off the flow of fentanyl precursors reaching South and Central America before entering the United States. The hack also comes against the backdrop of a long, aggressive Chinese cyber campaign against American infrastructure.

Former FBI Director Chris Wray famously said that bureau agents opened a counterintelligence case involving China roughly every 12 hours. Under Patel, the threat has not slowed. If anything, the scope has widened.

Consider the telecom sector. Corporate investigators working for an unnamed U.S. telecommunications firm found evidence that Chinese state-backed hackers had breached the company’s systems as far back as summer 2023, Breitbart reported, citing Bloomberg. The malware, known as Demodex, allegedly sat on the company’s systems for seven months, giving attackers deep, stealthy access. That intrusion predated the publicly disclosed Salt Typhoon campaign, which targeted major providers including AT&T and Verizon.

Salt Typhoon itself drew blistering criticism from senators on both sides of the aisle. After a classified briefing by the FBI, FCC, and CISA, lawmakers described the hack as something without precedent.

Sen. Marco Rubio called it out in blunt terms, as the Washington Free Beacon reported:

“It’s the most disturbing and widespread incursion into our telecommunications systems in the history of the world, not just the country, because of how massive our telecommunications system is.”

Sen. Josh Hawley was equally direct:

“I think the American people need to know the extent of the breach here. I think they will be shocked at the extent of it.”

That telecom breach involved the infiltration of dozens of companies. Phones belonging to officials, including then-President-elect Trump, were reportedly compromised. Deputy National Security Adviser Anne Neuberger acknowledged that none of at least eight breached U.S. telecommunications providers had succeeded in removing the hackers from their networks at the time of the briefing.

What the FBI hack means now

The latest FBI breach is different in target but familiar in pattern. Hackers appeared to penetrate the bureau’s system by leveraging a commercial Internet Service Provider’s vendor infrastructure, Politico reported. That method, exploiting a private-sector vendor to reach a government network, is a hallmark of sophisticated state-sponsored operations.

Several members of Congress were notified of the major incident classification earlier this week, one aide told Politico. Fox News reached out to the FBI for comment. The bureau’s response, if any, was not included in the reporting.

The breach could pose a threat to national security, Fox News reported. Yet the full scope remains hidden. Which specific FBI system was hit? How much data was accessed? How long were the hackers inside? None of those questions have public answers.

Diplomacy meets espionage

The timing creates an awkward collision. Trump is scheduled to meet Xi Jinping next month in Beijing. That summit will cover trade, fentanyl, and the broader U.S.-China relationship. Now it will carry the additional weight of a confirmed Chinese intrusion into the FBI’s own systems.

Patel’s earlier visit to China focused on stopping fentanyl precursors. The hack that followed suggests Beijing’s willingness to cooperate on one front while probing American defenses on another. That is not a contradiction for China’s intelligence apparatus; it is standard operating procedure.

The broader record is damning. Chinese hackers embedded in U.S. telecom networks as early as 2023. Malware that went undetected for months. A Salt Typhoon campaign that compromised phones belonging to senior officials. And now, an intrusion into an FBI system holding law enforcement sensitive data.

The accountability gap

Senators who were briefed on the telecom breaches during the previous administration said there was no accountability. The question now is whether that changes. Under Patel, the FBI faces a test: can it secure its own networks while investigating China’s relentless cyber operations against everyone else’s?

FISMA exists precisely for moments like this. The law’s seven-day notification requirement is supposed to ensure Congress learns about major incidents quickly, not weeks or months later, and not through press leaks. The FBI first flagged suspicious activity on March 4. The major incident designation came last week. Whether that timeline meets the law’s standard is a question Congress should be asking.

The American public deserves to know what was taken. Taxpayers fund the FBI. Law enforcement officers trust that their sensitive information is protected. If China breached that trust, the response cannot be a quiet notification and a shrug.

Beijing keeps testing. The only question is whether Washington will keep letting the tests succeed.
