Word has leaked early Tuesday that the personal data of an estimated 18 million current, former and prospective federal employees was stolen by attackers in a cyber breach at the Office of Personnel Management, far more than currently disclosed by the Obama administration.
Specifically, it is four times worse than the 4.2 million records the agency has publicly acknowledged.
The 18 million number is even expected to grow, according to anonymous U.S. officials aware of the investigation.
Despite no disclosure to American taxpayers about the extent of the mishandling of employee records, FBI Director James Comey has nonetheless been using the 18 million estimate in a closed-door briefings to Senators in recent weeks.
That assessment is apparently based off of the OPM's own internal data, according to U.S. officials.
Yet the agency, and the Obama administration, refuses to level with the public, and potential victims, about the extent of the security lapses.
It is now understood that those affected include people who applied for government jobs, but never actually ended up being employed by the government.
The same hackers, who have been confirmed to be agents of the Chinese government, responsible for the breach of OPM's data are believed to have last year compromised an OPM contractor, KeyPoint Government Solutions, according to U.S. officials.
When the OPM intrustion was discovered in April, investigators identified KeyPoint security credentials that were used to breach the OPM records system.
It remains unclear as to why, after the intrusion last year, OPM officials did not block all access from KeyPoint, as doing so could have prevented more serious damage.
According to OPM officials, of course speaking anonymously, they don't believe such a move would have made a difference because the OPM breach is believed to have pre-dated the KeyPoint breach.
According to one official, the Chinese hackers had the "keys to the kingdom" for many years.
U.S. investigators have called the attack the largest data breach of the federal government in history but aside from that have refused to level with the public about just how serious the attack is and when investigators first knew about the breach.