It could be weeks before the federal government notifies the 21.5 million people whose personal information was exposed by a breach in the government’s security clearance database.
The infiltrated agency, the Office of Personnel Management, is working with numerous federal departments to set up a centralized system to inform victims, Reuters reported.
The OPM will eventually look to hire an outside contractor to help with the eventual outreach but has not yet requested bids.
Former OPM Director Katherine Archuleta, who resigned on Friday amid the furor over the hacks, acknowledged last week that the OPM had not yet figured out exactly how it would reach out to the 21.5 million people.
The total includes 19.7 million contractors and employees who went through security clearance checks going back to 2000 and 1.8 million non-government workers, such as spouses and relatives, named in those checks.
The background investigation files housed in the security clearance database include Social Security numbers, past residency information, employment history and criminal and financial records, as well as fingerprints and other personal nuggets gained through in-person interviews.
The OPM initially said in early June that it had been hit by a breach that exposed 4.2 million federal workers’ personnel files. A week later, it acknowledged the second intrusion of the security clearance data, but the agency took another month to figure out the total number of people affected.
Almost all of the 4.2 million in the initial breach have been notified, the OPM said. Roughly 3.6 million people were hit by both breaches.