When anyone who's been hacked quickly says the damage is 'limited' there are good reasons to be skeptical. In the early hours and days of a data breach, such as the one suffered by the federal government last week, there are simply too many unknowns and plenty of reason to understate the damage.
Usually data breach victims don't want to alarm customers. In the case of the feds they don't want to look incompetent and don't want to panic the population.
So we were highly skeptical last week at their estimate that just some of the 4 million records stored with The Office of Personnel Management were compromised by a sophisticated Chinese cyber attack.
In fact, we told you as much. Turns out, we were right.
It was revealed on Thursday that the December breach was far worse than originally thought.
A union of federal workers said Thursday that the Chinese attackers had stolen the confidential information of every single federal employee, past or present, which is far more than was previously revealed by the Obama administration.
"We believe that hackers are have every affected person's Social Security number, military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more," American Federation of Government Employees President J. David Cox wrote in a letter to the U.S. Office of Personnel Management.
He also cites a stunning lapse in security: The Social Security numbers of employees were not protected with encryption algorithms, a standard security protocol for sensitive information. Cox called the lapse "absolutely indefensible and outrageous."
The attack isn't isolated, as it is similar to an attack in March 2014 that also involved federal employee records.
Security analysts believe that China is building a vast database of every single government employee in the United States. The purpose of the database appears to espionage.
With such information, the Chinese would be able to then trace, via their numerous other data breaches at healthcare providers and credit card processors, links to Chinese citizens.
They would then be able to exploit these relationships, either through bribes, patriotism or blackmail, to get federal employees to steal data and other secrets for the communist country.
In short, China now has a complete social network of anyone in the federal government and can now look for weak links to get information.
The Obama administration has declined to both speculate on the matter and address Chinese hacking directly.