Hackers Nabbed 21.5 Million Social Security Numbers From Federal Employee Database

To quote Ron Burgundy in Anchorman, "Boy, that escalated quickly. I mean that really got out of hand fast." He was referring to a deadly and chaotic showdown between various news stations, but he could have just as easily been talking about a recent security breach at the U.S. Office of Personnel Management (OPM) that's much worse than originally thought.

It was initially reported that over 4.2 million current and former federal employees had their personnel data stolen as a result of the massive cybersecurity breach, but the Obama administration has now revealed that an additional 21.5 million individuals had their personal info compromised in the breach as well. That includes Social Security numbers and even some fingerprints.

U.S. Office of Personnel Management

OPM said there were two separate but related cyber-security incidents at play here. The first was discovered in April 2015, in which the agency discovered that 4.2 million past, present, and retired government employees has their personal information stolen, including their full names, birth dates, home addresses, and Social Security numbers.

While investigating the incident, OPM discovered in early June that additional data had been compromised, including background investigation records of 19.7 million current, former, and prospective Federal employees and contractors. Not only that, but 1.8 million non-applicants such as spouses and co-habitants of those subjected to a background check were also affected.

"While background investigation records do contain some information regarding mental health and financial history provided by applicants and people contacted during the background investigation, there is no evidence that health, financial, payroll and retirement records of Federal personnel or those who have applied for a Federal job were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express)," OPM said.

These combined incidents qualify as the largest cyberattacks ever into U.S. government systems.