Government Personnel Agency Admits Chinese Hackers Stole Personal Data About 21.5 Million Americans


China's big hack of sensitive government personnel records just got a whole lot bigger.

The Office of Personnel Management, which oversees government employee records (it's basically the government's HR department) announced today that sensitive personal information, including Social Security numbers, had been compromised for some 21.5 million people, in what appears to be a second major breach of government records. 

The information was stolen from background investigation databases, according to Reuters.

In addition to Social Security numbers, the information included "residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details," OPM said, according to National Journal

Most were for individuals who had gone through the background investigation process, but, according to National Journal, about 1.8 million of the affected people were family members of people who'd undergone background investigation. 

The 21.5 million people affected are in addition to the 4.2 million federal workers that already had background check material compromised via a "separate, but related" incident, Reuters reports. There's some overlap between the two groups. 

The smaller hack compromised, among other things, security clearance information for millions of former, current, and potential government employees. China also obtained dirt on an unknown number of government workers' sex lives, gambling habits, drug and alcohol addictions, and marital problems, according to a June report in The Daily Beast

All together, personal information for about 25 million people, or about 7.7 percent of the U.S. population, has been compromised by foreign hackers.

OPM has been reviewing its IT security, and announced last month that it was temporarily shuttering its background-info submission portal after a vulnerability had been discovered, although no breach had been detected through this particular vulnerability. 

As of mid-June, President Obama maintained that he still had confidence in OPM Director Katherine Archuleta, who served as the National Political Director on Obama's 2012 campaign, despite the first serious breach. We'll see how long that lasts.