The Office of Personnel Management (OPM) revealed Thursday that hackers have broken into its system and stolen the records of 21.5 million people, not 4.2 million as initially revealed.
The number accounts for 19.7 million former and current federal employees who have gone through a background check with the OPM for the last 15 years, as well as 1.8 million spouses and friends of these employees. All in all, some 7 percent of the entire population of the United States are affected by the breach.
Earlier this year, the OPM announced that hackers purportedly contracted by the Chinese government have stolen the sensitive information of 4.2 million people, including their Social Security numbers, health records and financial data. However, the Obama administration has acknowledged that a "separate but related" breach took place, putting in the hands of unscrupulous individuals the personal information of people five times more than the initial number disclosed in April.
The hacks are believed to be the biggest security breaches into the government's computer networks, and lawmakers from both parties are calling on OPM director Katherine Archuleta to step down from her post in the wake of the massive breach.
"It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability," says Democratic Sen. Mark Warner.
However, Archuleta told reporters during a conference call that she is "committed" to her work and that the agency has been "working very hard" to ensure the security of its systems and employees. But multiple sources tell the National Journal that OPM has not yet chosen a contractor to provide fraud protection services to the millions of affected employees. In fact, OPM press security Sam Schumach says he is not aware of any request to contractors made by OPM.
CSID, the firm that was awarded the contract to provide protection for the first 4.2 million individuals whose information were stolen in the first breach, says OPM has not yet announced a contractor nor has it contacted CSID to extend its services to the additional 21.5 million people.
Photo: U.S. Dept. of Education | Flickr