Last week, Chinese hackers were pinned for a large-scale attack which compromised the personal information of millions of current and former government employees. The breach targeted the Office of Personnel Management, and incited outrage from security firms and public officials over the lack of security surrounding the incident.
Now, the country's largest federal employee union, the AFGE, has claimed in an internal letter that the Social Security numbers and personal information of every single federal employee - 2.1 million people - have been compromised. Additionally, the AFGE claims Social Security numbers and personal information of 2 million federal retirees have been similarly compromised.
According to the letter obtained by the Associated Press, the hackers stole military records and veterans' status information, addresses, birth dates, job and pay history, health insurance, life insurance, and pension information, including age, gender, race data.
"We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous," the internal letter claimed.
"Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees."
The AFGE represents over 600,000 federal government workers, and is the largest federal employee union of its kind.
"AFGE is working closely with the Administration to determine the extent of the breach and explore ways to remediate it," said AFGE National President David J. Cox in a response to the breach late last week. "We will work with the Administration to ensure that all available measures be taken to secure the personal information of all affected employees, and that these measures be implemented as soon as possible. AFGE will demand accountability and will take every necessary step to see that the interests and security of the nearly 700,000 people we represent are addressed."
The scale of the attack was previously reported at around 4 million affected individuals, but the specific type of information compromised, as well as exactly how many employees were affected, was previously unknown.
There's also no word currently on whether any of the compromised data has yet been sold or put to use by its thieves.