According to a federal employee union, hackers may have gained vital information, including Social Security numbers, on every employee of the federal government.
That data includes military records and veterans status information, addresses, birth dates, job and payment histories, health insurance, life insurance, and pension information. It also includes age, gender, and race data, according to a letter sent to OPM Director Katherine Archuleta by J. David Cox, president of the American Federal of Government Employees. That letter was obtained by the Associated Press.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," the letter said.
"Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees."
For its part, the OPM has reportedly denied that every federal employee has been affected.
— Erika Gonzalez (@erika_news) June 11, 2015
While US officials have yet to publicly point fingers, US Senate Minority Leader Harry Reid stated that the hack was carried out by "the Chinese." The Chinese government has repeatedly denied any involvement in the data breach, especially in light of the fact that the US has presented no evidence to support its claims.
While the OPM has publicly downplayed the extent of the breach, insisting only limited personal data was compromised, the union based its findings on internal agency briefings.
The intrusion into OPM's systems began over a year ago, according to officials speaking to ABC News, and hackers were able to weed through four security "segments" over that time. Much of the stolen personal data was gleaned from SF-86 forms filled out by every federal employee seeking a security clearance. The breach was only discovered after OPM began upgrading its systems.
The OPM maintains that the information of family members of federal employees has not been affected by the breach, though US officials speaking on condition of anonymity to ABC have suggested otherwise.
"IF the SF-86's associated with this hack were, in their entirety, part of the stolen information, then that would mean the potential release of a staggering amount of information, affecting an exponential amount of people," the source said.
"Since the investigation is ongoing, additional PII exposures may come to light," an OPM official said Sunday. "In that case, OPM will conduct additional notifications as necessary."