The federal government is notifying millions of employees as it works to assess the impact of a massive data breach involving the agency that handles security clearances and employee records.



A foreign entity or government is believed to be behind the cyber attack. U.S. officials are investigating whether Chinese hackers were involved, Reuters reported, citing a source familiar with the matter.

"The FBI is working with our interagency partners to investigate this matter. We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," an FBI spokesman told CNBC.



Read More How much are your records worth on the black market?

A congressional aide familiar with the situation, who declined to be named because he was not authorized to discuss it, says the Office of Personnel Management and the Interior Department were hacked. A second U.S. official who also declined to be identified said the data breach could potentially affect every federal agency.

The OPM plans to notify approximately 4 million individuals whose personally identifiable information (PII) may have been compromised in the breach, the agency said in a release.



"Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary," the release said.

The White House was considering a public announcement of the breach Thursday night or Friday morning, the second official said.

Read MoreRussian hackers read Obama's unclassified emails



The OPM is the human resources department for the federal government, and issues security clearances.

The federal division said it has recently worked on an "aggressive effort" to update its cybersecurity. As a result of these initiatives, in April the department detected the breach affecting its IT systems and data, the OPM release said.

The hacking "predated the adoption of the tougher security controls," the release said.

Dow Jones reported that a government source called the breach one of the largest thefts of government data ever.

—The Associated Press, Reuters and CNBC's Eamon Javers contributed to this report.