We may be witnessing 'the worst breach of personally identifying information ever'
Retirees and up to one million former employees may have been affected, too, since much of the information in OPM's database dates back to 1985.
While the OPM has refused to disclose specifics about the information that may have been compromised, citing "security reasons," the OPM database is a known repository for extremely sensitive information.
OPM "conducts more than 90% of all federal background investigations, including those required by the Department of Defense and 100 other federal agencies," Reuters reported last week.
As such, a single employee may have as much as 780 separate pieces of personal information about them on file in the database, according to AP.
"Security-wise, this may be the worst breach of personally identifying information ever," Michael Borohovski, CEO of Tinfoil Security, told Business Insider on Friday. "There aren't a lot of details yet about what exactly was taken, but OPM is responsible for administering the SF 86, which is one of the most extensive national security questionnaires that exists."
Federal employees and contractors who want government security clearance have to disclose virtually every aspect of their lives via an 'SF 86' questionnaire which is then stored on OPM's largely unencrypted database.
The 120-page questionnaire is an exhaustive examination of an applicant's personal history, including their financial records (including gambling addictions and any outstanding debt), drug use, alcoholism, arrests, psychological and emotional health, foreign travel, foreign contacts, and an extensive list of all relatives.
The OPM also stores the results of polygraph tests, which is "really bad, because the goal of government-administered polygraph tests is to uncover any blackmailable information about its employees before it can be used against them," Borohovski said. "So it's really a goldmine of blackmail for intruders."