Early last month, the news hit that the federal government’s Office of Personnel Management (OPM) had been hacked, compromising the records of millions of federal employees. It was one of the largest thefts of government data ever recorded, and caused a panic amongst current and federal employees.

In the wake of the breach, many experts said that the hack was likely worse than had been reported; it looks like they were right—to the tune of 21.5 million victims.

Via Fox News:

Hackers swiped Social Security numbers from 21.5 million people — as well as fingerprint records and other information from background check investigations — in the massive breach earlier this year of federal personnel files, the government acknowledged Thursday.

The Office of Personnel Management included the findings in a statement Thursday on the investigation into a pair of major hacks believed carried out by China.

“The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases,” the agency said of the second breach, which affected background investigation files.

21.5 million is a big number. This makes it feel huge:

We’re not just looking at one breach here, but a series of breaches. China has publicly denied responsibility for the attacks, but experts believe that what’s happening right now is part of a bigger plan:

A former senior intelligence official also told Fox News that the attack is not an isolated incident, but part of a broader campaign by China to build a massive database that can be used to earmark and index the intelligence for future use. This information is being aggregated, and the level of organization points to backing of Chinese military units.

The numbers are so high because a high-level security clearance requires a review every five years. Each time, the individual must supply three new references — meaning a single official could easily have personal information for over a dozen people in the system.

The extent of, and response to, the breach has already led to calls for the firing of top officials at OPM.

According to a statement released by OPM, the agency has been and will continue to work through their 15 point security improvement plan. They’re also upping their standards with regards to user login authentication, which was cited as a major weak point in OPM’s systems. They’re implementing two-factor Strong Authentication for all database users, and are expanding their continuous monitoring capabilities.

Let’s hope it works, because right now, US security and intelligence is looking like amateur hour compared to what a hacker can do.