Office of Personnel Manager (OPM) Director Katherine Archuleta on Wednesday indicated the massive federal hack could have exposed the personal information of more than 18 million people, the total widely reported in recent days.
“It is my understanding that the 18 million refers to a preliminary, unverified and approximate number of unique social security numbers in the background investigation data,” she said during her opening statement at a House Oversight and Government Reform Committee hearing.
“It is a number I am not comfortable with at this time because it does not represent the total number of affected individuals,” she added.
It was the first time the federal personnel agency had publicly addressed a stream of reports about the increased total.
In early June, the OPM revealed that a breach had compromised roughly 4.2 million federal workers’ personnel files. Weeks later, officials acknowledged they had uncovered a second breach of a separate system that housed security clearance background check information.
That intrusion laid bare data on millions of military and intelligence community personnel and, potentially, those outside government, such as friends and family members who were named in background investigations.
Because of these complicating factors, “we do not have a more definitive number,” Archuleta said.
The agency is not sure yet if people named in background investigation files “should be considered individuals affected by this incident,” she added.
There may also be overlap between the two breaches, further muddying the math.
“We continue to analyze the background investigation data as rapidly as possible to best understand what was compromised,” Archuleta said.