More than 20 million people had their personal information stolen when Office of Personnel Management (OPM) servers were breached by Chinese hackers last year, sources close to the agency are reporting.
The New York Times and the government are reporting 21.5 million, and CNN is reporting 22.1 million. ABC has reported 25 million.
In a statement, OPM said hackers stole the Social Security numbers of 21.5 million people, including 19.7 million individuals that applied for a background investigation.
In any case, the figure is much higher than OPM's original estimate of 4 million and amounts to roughly 7% of the US population.
OPM reports that the types of compromised information may also include Social Security numbers; residency and educational history; employment history; information about immediate family and personal and business acquaintances; and health, criminal and financial history that would have been part of your background investigation.
ABC notes that "US intelligence and law enforcement officials are particularly concerned over the theft of forms known as SF-86s that current and prospective federal workers, including certain military personnel, and even contractors submit for security clearances."
The 120-page questionnaire is an exhaustive examination of an applicant's personal history, including their financial records (including gambling addictions and any outstanding debt), drug use, alcoholism, arrests, psychological and emotional health, foreign travel, foreign contacts, and an extensive list of all relatives.
Experts fear the stolen information could be used by the Chinese government to blackmail, exploit, or recruit US intelligence officers, compromising the success and safety of agents operating at home and abroad.
"I'm sure the adversary has my SF-86 now," FBI Director James Comey said to a Senate panel earlier this week. "My SF-86 lists every place I've ever lived since I was 18. Every foreign travel I've ever taken. All of my family, [and] their addresses."
The hackers reportedly acquired these forms, which is "one of the most extensive national security questionnaires that exists," Michael Borohovski, CEO of Tinfoil Security, told Business Insider last month.
"Security-wise, this may be the worst breach of personally identifying information ever," he added.
Hackers who infiltrated OPM had access to the agency's security-clearance computer system for over a year, the The Washington Post reported, giving them ample time to steal as much information as possible from OPM's database of military and intelligence officials.
"If you underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that you are impacted by the incident involving background investigations," OPM stated.
The breach was partly a result of shoddy security practices.
OPM contractors in Argentina and China were given "direct access to every row of data in every database" when they were hired by the Office of Personnel Management (OPM) to manage the personnel records of more than 14 million federal employees.
The OPM "conducts more than 90% of all federal background investigations, including those required by the Department of Defense and 100 other federal agencies," Reuters has reported.
Members of the intelligence community, including FBI employees, were also affected by the breach.
As a result, spies who took OPM information will know "who the best targets for espionage are in the United States,” Michael Adams, a computer-security expert with more than two decades' experience in the US Special Operations Command, told The Daily Beast.
The agency also stores the results of polygraph tests, which is "really bad, because the goal of government-administered polygraph tests is to uncover any blackmailable information about its employees before it can be used against them," Borohovski said. "So it's really a goldmine of blackmail for intruders."
The massive breach — discovered by the network forensics company CyTech Services while it was doing a product demo of its new software package CyFIR for OPM in early June — was "classic espionage" on an unprecedented scale, a senior administration official told the New York Times last month.
Here's part of the statement from OPM:
While investigating this incident, in early June 2015, OPM discovered that additional information had been compromised: including background investigation records of current, former, and prospective Federal employees and contractors. OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants. Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen. Notifications for this incident have not yet begun.
NOW WATCH: The US Navy just tested a giant electromagnetic catapult
See Also:Recently retired CIA senior officer: 'I'm really glad to be out of the game'We may be witnessing 'the worst breach of personally identifying information ever'The US agency plundered by Chinese hackers made one of the dumbest security moves possible
SEE ALSO: 'We should be very clear: China is at virtual war with the United States'