The employee records from the Central Intelligence Agency were not included in the data cache from the Office of Personnel Management hack, according to government officials. However, that doesn't mean the CIA has been unaffected by the breach. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the US Embassy in Beijing as a precautionary measure following the breach—precisely because their names would not appear in State Department personnel files believed to have been obtained by Chinese intelligence operatives.

The question of how to respond to the OPM breach was raised yet again during testimony by intelligence and defense officials on September 29 before the Senate Armed Services Committee. The hearing on "United States Cybersecurity policy and threats" delved into the distinction being made by the Obama administration between electronic economic espionage and the hacking of government agencies and why the breach at the OPM was not considered an attack warranting a proportionate response from the US. No US official has gone on the record to attribute the OPM breach to China.

Director of National Intelligence James Clapper told the committee that while "we don't know in terms of specifics" what was taken in the OPM breach, it had "potentially very serious implications, first among them close to home [for me] in terms of the Intelligence Community and identifying people who may be under public status... This is a gift that's going to keep on giving for years." Still, he said, as "egregious" as the OPM breach was, it didn't amount to an attack on national infrastructure. "Rather, it would be a form of theft or espionage. We, too, practice cyber espionage. We're not bad at it."

At the same hearing, Senator John McCain, chairman of the Senate Armed Services Committee, said that the US is not confronting such digital attacks hard enough. "The problem is a lack of deterrence. The US has not demonstrated to our adversaries that the consequences of continued cyber attacks against us outweigh the benefit. Our adversaries view our responses... as tentative." In response to Clapper's characterization of the OPM breach, he snapped, "So it’s OK for them to steal our secrets that are most important because we live in a glass house? That is astounding."

When McCain asked Clapper if he believed that the agreement with China announced last week to cease economic cyber espionage would end China's hacking, Clapper responded that "hope springs eternal." Still, the director was not optimistic. "It will be our responsibility to look for the presence or absence of attacks," he told the committee, referring to the US intelligence community.