It turns out China hacked 7% of America

More than 20 million people had their personal information stolen when Office of Personnel Management (OPM) servers were breached by Chinese hackers last year, sources close to the agency are reporting.

The New York Times and the government are reporting 21.5 million, and CNN is reporting 22.1 million. ABC has reported 25 million.

Additionally, the Associated Press is reporting that hackers stole Social Security numbers from 21.5 million people in the breach.

In any case, the figure is much higher than OPM's original estimate of 4 million and amounts to roughly 7% of the US population.

Hackers who infiltrated OPM had access to the agency's security-clearance computer system for over a year, the The Washington Post reported, giving them ample time to steal as much information as possible from OPM's database of military and intelligence officials.

Stored in OPM's database are the SF86 forms of every American who has ever applied for government security clearance. The hackers reportedly acquired these forms, which detail sensitive background information and is "one of the most extensive national security questionnaires that exists," Michael Borohovski, CEO of Tinfoil Security, told Business Insider last month.

"Security-wise, this may be the worst breach of personally identifying information ever," he added.

The OPM "conducts more than 90% of all federal background investigations, including those required by the Department of Defense and 100 other federal agencies," Reuters has reported.

Members of the intelligence community, including FBI employees, were also affected by the breach.

As a result, spies who took OPM information will know "who the best targets for espionage are in the United States," Michael Adams, a computer-security expert with more than two decades' experience in the US Special Operations Command, told The Daily Beast.

The agency also stores the results of polygraph tests, which is "really bad, because the goal of government-administered polygraph tests is to uncover any blackmailable information about its employees before it can be used against them," Borohovski said. "So it's really a goldmine of blackmail for intruders."