Number of Victims in Massive Hack of U.S. Government Rises Again

BreachWEB
The information of 25 million prospective, current and former government employees was compromised in Chinese hack of OPM, sources tell ABC News. Cliff Owen/AP

Updated | Hackers accessed more than 21 million prospective, current and former government employees' personal information in a massive breach of the U.S. Office of Personnel Management's (OPM) systems, the agency announced via press release on Thursday.

OPM is the agency responsible for managing the federal government's civil service. It is believed the OPM systems were first hacked in 2013. The first breach, discovered in April, was made public in June and was ultimately found to have compromised the personal data of 4.2 million people. The second breach was revealed a few days later. Both breaches were investigated by the FBI and Department of Homeland Security.

"Since the end of 2013, OPM has undertaken an aggressive effort to upgrade the agency's cybersecurity posture, adding numerous tools and capabilities to its various legacy networks," OPM's press release reads. "As a direct result of these steps, OPM was able to identify two separate but related cybersecurity incidents on its systems."

As recently as Wednesday, during a House hearing on the subject, the number of those affected by the second breach was pegged at as many as 18 million. On Thursday, however, OPM reported that the investigation into the hack was over and that 21.5 million individuals' background investigation records were compromised.

The background investigation records include: "Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details." In some instances, interviews, usernames and passwords and 1.1 million fingerprints were also accessed.

"While background investigation records do contain some information regarding mental health and financial history," the release continues, "there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted."

According to OPM, 19.7 million individuals that applied for a background investigation had their files stolen, as well as the information of 1.8 million non-applicants, such as applicants' spouses or co-habitants.

OPM's federal background check system, known as e-QIP, was suspended during the investigation and remains offline.

Update | This story has been updated to reflect OPM's press release.