U.S. data hack affects 18 million federal employees

Washington

 The personal data of approximately 18 million current, former and prospective federal employees were affected by a cyber attack at the Office of Personnel Management - more than four times the 4.2 million the agency has publicly acknowledged. The number is expected to grow, according to U.S. officials briefed on the investigation.

 According to US officials, those affected could also include people who applied for government jobs, but never actually ended up working for the government.

 The same hackers who accessed OPM's data are believed to have hacked into an OPM contractor last year, KeyPoint Government Solutions, U.S. officials said. When the OPM breach was discovered in April, investigators discovered that KeyPoint security credentials were used to breach the OPM system.

 Some investigators believe that after that intrusion last year, OPM officials should have blocked all access from KeyPoint, and that doing so could have prevented more serious damage. But a person briefed on the investigation says OPM officials don't believe such a move would have made a difference. That's because the OPM breach is believed to have pre-dated the KeyPoint breach. Hackers are also believed to have built their own backdoor access to the OPM system, armed with high-level system administrator access to the system. One official called it the "keys to the kingdom." KeyPoint did not respond to CNN's request for comment.

 U.S. investigators suspect the Chinese government is behind the cyber intrusion, which are considered the worst ever against the U.S. government.

 The number of people affected is expected to grow, as hackers accessed a database storing government forms used for security clearances, known as SF86 questionnaires, that contain the private information of multiple family members and associates for each government official, these officials said.