According to the Office of Personnel Management, the number of people affected by recent data breaches at the agency is more than 22 million people.
Roughly 4.2 million federal employees were affected by the first data breach, and more than 3.6 million of those employees were also affected by a second data breach of background investigation information, along with 17.9 million other current, former and prospective employees.
In a statement released Thursday, OPM indicated that if an individual underwent a background investigation in the year 2000 and afterwards, it is “highly likely” they were affected by the breach. It is still possible for any individual who underwent a background check before then to have been affected, though it is “less likely.”
According to OPM, the types of information in the records involved in the breach include Social Security numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history, and other details.
Some records also included interview information, fingerprints, and usernames and passwords that individuals used to fill out the background investigation forms.
After the new information was released, House Oversight and Government Reform Chairman Jason Chaffetz, R-Utah, once again called on OPM Director Katherine Archuleta and Chief Information Officer Donna Seymour to step down.
“Director Archuleta and Ms. Seymour consciously ignored the warnings and failed to correct these weaknesses,” Chaffetz said in a statement. “Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable.”
Chaffetz also revealed some details about the numbers, including more than 1 million “biometric fingerprints” that were breached, though Chaffetz noted in a tweet that it was not confirmed whether finger print breach included members of the intelligence committee.
Rep. Don Beyer, D-Va., whose Northern Virginia district includes nearly 77,000 employees, said in a statement, “This is disturbing news, both in terms of our government’s IT failure and that tens of millions of Americans [who] lost the privacy of their personal data. We must and we will do better, and I will work closely with the Office of Personnel Management and others to ensure that improvements are rapid and deep.”
OPM is also offering services to those affected by the second breach, including credit monitoring services, identity theft insurance, fraud monitoring, and identity monitoring for children.
Correction, 5:11 p.m. A previous version of this story misstated the number of people affected by the OPM data breach.