The cyber attack that potentially exposed information on 4 million people lasted far longer and may have done more damage than has been publicly acknowledged, according to an ABC News report.
The report, which relies on unidentified sources, says the initial intrusion into the Office of Personnel Management's systems happened more than a year ago. Once in, the hackers — believed to be from China — were able to roam through federal data, ultimately gaining access to SF-86 forms from federal employees seeking security clearances, among other records.
Related: OPM hackers tried to breach other fed networks
The OPM systems were housed by the Interior Department as part of a shared services center.
Officials told ABC that despite OPM's reassurances, information about family members of federal employees might also have been compromised.
Related: Massive OPM data breach went undetected for months
"If the SF-86's associated with this hack were, in their entirety, part of the stolen information, then that would mean the potential release of a staggering amount of information, affecting an exponential amount of people," said one unidentified official, quoted by ABC.
Read the full report at ABCNews.
Meanwhile, J. David Cox, president of the American Federal of Government Employees, said he believes that the hackers were able to take the personnel information of "every federal employee, every federal retiree, and up to one million former federal employees," the AP reported.
Cox made the allegation in a letter to OPM director Katherine Archuleta. In it, he said he believes, based on internal OPM briefings, that "the Central Personnel Data File was the targeted database,"
