Hackers stole social security identification numbers and other highly sensitive information from at least 21.5 million people, officials said on Thursday.
The Obama administration had to confirm that the breach of US government computer systems was far worse than previously disclosed. Those affected include government job applicants, federal contractors and over a million of their partners, the Office of Personnel Management (OPM) said.
The scope of the data breach, believed to be the biggest in US history, is more than five times higher than the number of people that were feared to have been affected. Officials said earlier this year that the hackers had stolen records of about 4.2 million people.
The data theft, which came to light in April, was attributed to China, but Beijing has publicly denied any involvement. The administration has also acknowledged a second, related breach of the systems housing private data that individuals submit during background investigations to obtain security clearances.
That second attack affected more than 19 million people who applied for clearances, as well as nearly two million of their spouses, housemates and others who never applied for security clearances, the administration said.
Among the data the hackers stole was criminal, financial, health, employment and residency histories, as well as information about their families and acquaintances.
The new revelations drew indignation from members of Congress who have said the administration has not done enough to protect personal data in their systems, as well as calls for OPM director Katherine Archuleta and her top deputies to resign. Archuleta has insisted she will not step down.
US House of Representatives Speaker John Boehner said on Thursday: “After today's announcement, I have no confidence that the current leadership at OPM is able to take on the enormous task of repairing our national security.”
The government insisted there were no indications that the hackers have used the data they stole and the agency said that it had “no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.”
The administration says it has stepped up its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks and examining how the government conducts sensitive background investigations.