The body count is in: some 21.5 million individuals had their social security numbers, residency and employment history, family, health, and financial history exposed in the massive data breach of the Office of Personnel Management's (OPM) background-check investigation database.
Of the 19.7 million individuals who had applied for the background checks, 1.1 million had their fingerprint scans exposed as well. The remaining 1.8 million people affected by the breach were spouses or other members of the applicants' households, OPM said today.
"Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen," OPM said today in an announcement describing the findings from its forensics investigation of the breach.
The agency says so far there's no indication that the data has been abused or distributed anywhere. Security experts have pointed the finger at China, but OPM has not officially called out the source of the attack.
Who's affected? Anyone who had a background-check via OPM as far back as 2000. "If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely," OPM said.
The background-check system breach is related to a previous attack on OPM discovered in April that exposed personnel data on 4.2 million current and former federal employees. OPM has been under the microscope for its security failings in the wake of the attacks.
Read OPM's release here for more details on the latest breach information.