A new report claims government spying software was stolen after a National Security Agency contractor stored confidential files on a personal device.

The NSA breach reportedly occurred in 2015, but it was not discovered until spring of 2016. According to the original report by the Wall Street Journal, the stolen data included code the NSA would use to infiltrate foreign computer networks and perform spying missions, as well as code used to defend U.S. networks.

The NSA breach reportedly occurred after a contractor removed highly classified materials from the agency network and stored them on a home computer. Unnamed sources claimed hackers working for the Russian government were behind the attack.

Although no evidence was given to support the story, Russia fears were stoked further by claims that the contractor was made a target because of his use of Kaspersky Lab software, implying the NSA breach might have been caused by the attacker exploiting Kaspersky Lab software on the device.

The NSA did not respond to requests for comment, but Kaspersky Lab released a statement reiterating its past denials of involvement with the Russian government.

"Kaspersky Lab is a private company and has no political connections with any government in the world, including Russia," the company said. "The only conclusion the company can make in the current situation is that it has become a pawn in a geopolitical conflict."

What the NSA breach means Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., said the transfer of classified files to a personal device was "a serious security issue whether Kaspersky was running on his machine or not." "The Kaspersky connection is secondary. If, as reported, the individual was a [Tailored Access Operations] developer, he would likely have been targeted by Russian hackers without Kaspersky's help," Williams told SearchSecurity. "The security in most home networks is simply insufficient to protect classified data." Williams added that there are many unanswered questions due to the lack of evidence presented in reports. "If forensic investigators found evidence of Russian hackers on the contractor's machine, then I believe they could attribute that activity correctly. But the article doesn't really stipulate what happened," Williams said. "I would be extremely careful of confirmation bias is this case. I would be skeptical of any forensic analyst who says they can tie the theft of files on the machine to Kaspersky software. Now, if the intelligence community has additional information that proves those files were collected by Kaspersky, then that's something else entirely. As it stands, this sounds like it could be a case of confirmation bias."