UPDATE: Office of Personnel Management director Katherine Archuleta has resigned, one day after the agency said that as many as 25 million people were affected by the massive data breach.
The massive federal government data breach earlier this year compromised the personal information of 25 million people, the Office of Personnel Management acknowledged Thursday — substantially larger than the 4.2 million people initially disclosed.
According to ABC News, 19.7 million people who applied for security clearances had their Social Security numbers and other personal information taken, and 2 million relatives and others had their data breached — all in addition to the 4.2 million people first reported.
More than 1 million biometric fingerprints were also exposed.
"There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM's systems," the agency said in a statement.
China has been suspected as the source of the hack, but officials have not confirmed it. The Asian country has denied having any involvement.
The news comes just one day after FBI director James Comey called the hacking an "enormous breach" before the Senate Intelligence Committee.
Officials are particularly concerned about the theft of SF-86 forms, or the documents submitted by those applying for security clearances with the federal government. On the forms, applicants are asked to give personal information belonging to their relatives, friends, associates and foreign contacts going back years. They are also required to disclose any prior drug use, their financial history, mental health history and personal relationships, according to ABC News.
Such sensitive information could be used by the hackers to essentially blackmail the victims into giving up even more information, sources told the network.
The cyberattack is believed to have started two years ago when the systems belonging to government contractor KeyPoint Government Solutions were compromised. The information may have been available to the attackers for as long as one year.
OPM has begun implementing new cybersecurity measures in the wake of the breach and is offering monitoring and protection services to those affected.
Rep. Jason Chaffetz (R-Utah), who chairs the House Oversight and Government Reform Committee, called on OPM Director Katherine Archuleta and OPM's chief information officer to resign upon learning of this latest development Thursday.
"Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries," Chaffetz told the Associated Press."Such incompetence is inexcusable."
But Archulata also indicated Thursday that she has no plans of stepping aside.
"From the beginning of my time as the director of OPM, I have made cybersecurity a top priority and will continue to do so. OPM continues to take aggressive action to strengthen its broader cyber defenses and IT systems," Archuleta wrote in a blog post.
Follow Jon Street (@JonStreet) on Twitter