The US Office of Personnel Management has revealed that more than 21 million US citizens who had undergone background checks for security clearances since 2000 had their personal data stolen by hackers.
Those exposed included 19.7 million people who applied for the clearances, plus 1.8 million non-applicants, mostly spouses or partners of applicants, OPM said. The personal data stolen included social security numbers, details that could be abused for identity theft.
The 21.5 million affected is in addition to information about 4.2 million current and former federal workers stolen in a separate but related incident. There is significant overlap between the two groups.
The United States has identified China as the leading suspect in the massive hacking of the US government agency, an assertion China's Foreign Ministry dismissed as "absurd logic."
OPM said that its investigation had found no information "at this time" to suggest any misuse or further dissemination of the information stolen from its systems.
Background investigation records contained some information on mental health and financial history provided by security clearance applicants and others contacted during their investigations.
The agency said there was no evidence that separate systems storing information on health, financial, payroll and retirement records of federal employees were affected by the hacking.
OPM said it is highly likely that anyone who went through a background investigation after 2000 was affected by the cyber breach. Those who underwent background checks before 2000 might be impacted but it is less likely, the personnel agency said.