The Office of Personnel Management, the government agency that manages federal employees, announced Thursday that its network was breached in December 2014, potentially compromising the personal records of approximately 4 million former and current employees.

The Washington Post, citing unnamed government officials, reported that the attack originated from “Chinese hackers,” and was the “second major intrusion of the agency by China in less than a year.”

As the agency wrote in a statement:

Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.

The OPM has begun the process of notifying the potentially affected victims.