US government officials said that hackers stole the data of at least 21.5 million people in the breach.
According to the Office of Personnel Management, the figure is almost five times higher than the number it had feared was affected. The affected people include government job applicants, federal contractors, and over a million of their partners.
The breach was discovered in April, and the finger of blame was firmly pointed at China, although the authorities in Beijing have denied any involvement.
The breach resulted in a series of hearings in Congress and widespread criticism of the state of US cyber defenses.
In the last alone, officials recorded that 4.2 million records of current and former federal government employees' data had been stolen. But as of now, there has been no misuse of that data.
While investigating the breach, the OPM found that additional information was also compromised, including social security numbers, health and financial information, criminal records, and the names and addresses of government employees and their relatives.
The OPM also said that they had “no information at this time to suggest any misuse of further dissemination of the information that was stolen from OPM’s systems.”
OPM is the agency that compiles records on all federal government employees and issues security clearances. It serves as the human resources department for the US government.
Commenting on the breach, Nicko Van Someren, CTO of Good Technology, said: "The scariest thing about this breach is not just the scale of it, but the depth. The data that's been taken are the life histories of over 21m people, not just credit card numbers. It's enough to impersonate any of these people, which is bad enough from an identity theft perspective, but when they're government employees, it's potentially devastating."
UPDATE: Klaus Gheri, VP and GM of Network Security at Barracuda Networks, has commented: “Most organisations are not doing enough to keep data safe. Largely unnoticed similar breaches happen daily in the corporate world.
"More than ever, security needs to be intelligent, scalable, and always available wherever end users happen to work, be it in the workplace, on a laptop or mobile device."