According to a CNN report released on Tuesday, Federal Bureau of Investigation (FBI) Director James Comey estimated that 18 million, over four times more than the publicly acknowledged four million, current, former and prospective federal employees were affected by a breach of the United States government Office of Personnel Management.
The data of the U.S. government Office of Personnel Management, the agency that handles security clearances and U.S. government employee records and information, was breached last year by two massive cyber-attacks that were only recently discovered and revealed. Government officials originally said that the attack, which occurred in the OPM office as well as the Interior Department, could potentially affect four million people at every federal agency.
However, according to the new report released by CNN, that number is over four times more than what has been originally said. In the report FBI Director James Comey estimated that 18 million federal employees were affected.
Using the OPM's internal data, Comey presented the number to Senators in closed-door briefings throughout the recent few weeks, U.S. official briefed on the matter told CNN.
The agency's spokesman has said that they haven't verified the larger number, so far sticking by the over-four million estimate originally provided.
According to U.S. officials briefed in the subject, the number of people whose data is breached will continue to grow. This is because hackers accessed a data base storing SF86 questionnaire – government forms used for security clearances – which have private information about government officials' family members.
Following the discovery of the breach, a U.S. law enforcement official told Reuters that "a foreign entity or government" was believed to be behind the attacks, with authorities looking into a possible Chinese intrusion, according to the news agency who quoted a source close to the matter.
OPM officials are expected to attend multiple congressional hearings throughout the week to provide their take on the breach.
Last week, OPM auditors told a House Oversight and Government Affairs Committee that crucial databases storing sensitive national security information did not meet federal security standards.
Michael Esser, OPM's assistant inspector general for audits, wrote in testimony prepared for committee: "Not only was a large volume (11 out of 47 systems) of OPM's IT systems operating without a valid Authorization, but several of these systems are among the most critical and sensitive applications owned by the agency."