(Bloomberg) – Hackers stole Social Security numbers and other personal data for about 22.1 million people in breaches of the U.S. government's personnel office, the Obama administration said.
The Office of Personnel Management disclosed the results of an investigation into the hacks Thursday. The total includes new data related to the breach of security clearance applications as well as information previously released on the theft of personnel records.
"We live in a world where the cybersecurity threats we are facing are increasingly growing broader," Michael Daniel, White House cybersecurity coordinator, told reporters in a conference call announcing the findings. "The adversaries are growing more sophisticated."
The Chinese government is a leading suspect behind the attack, according to Director of National Intelligence James Clapper, some lawmakers and cybersecurity companies that conduct forensics investigations.
Daniel declined to confirm whether China was responsible. However, he indicated the Obama administration already has moved behind the scenes to take action in response to the attack.
"Just because we're not doing public attribution does not mean we're not taking steps to deal with the matter," he said.
Breach magnitude
Of the 22.1 million people, 21.5 million were affected in the security-clearance breach, including 19.7 million who applied for a background investigation and 1.8 million non-applicants such as spouses of applicants. In a separate breach, the agency said 4.2 million people had their personnel records stolen. Of those, 3.6 million are included in the total released Thursday.
Personal information, including fingerprints and passwords, from U.S. job applicants who went through federal government background checks while applying for security clearances was breached in the intrusions, which OPM discovered in April.
There's no evidence that the stolen data is being used for criminal or other nefarious purposes, Archuleta said.