The CIA has withdrawn staff from the US embassy in Beijing, fearing data stolen from government computers could expose its agents.
In April, data about 21 million federal employees was stolen in a massive attack on the US Office of Personnel Management (OPM).
Security companies have blamed Chinese state hackers for the attack.
Removing the staff was a "precautionary measure", agency officials told the Washington Post.
Information about CIA staff was not in the massive cache of files stolen from OPM computers, but other records about background checks carried out by the State Department on employees were copied in the raid.
The CIA fears that by comparing the list of those who have been checked with the roster of known embassy personnel could help the Chinese expose its intelligence workers.
Those working at the embassy but not checked by the State Department were CIA agents, said the newspaper, citing "unnamed officials".
The CIA declined to comment directly on the matter.
The danger that trawling through the data would expose intelligence agents was also raised by James Clapper, the US director of national intelligence, during a hearing before the Senate Armed Services Committee.
Mr Clapper said the breach had "potentially very serious implications" for the intelligence community by identifying its agents in other countries.
"This is a gift that's going to keep on giving for years," he told the Senate committee looking into the cyber-threats facing the US and the steps the nation took to combat them.
He added the US itself engaged in the types of cyber-attacks China had been accused of.
"We, too, practice cyber-espionage," he said. "We're not bad at it."
JUSTCLICK & CONNECT