Motherboard on how the massive hack on OPM is exponentially worse than everyone thought:

In the letter, according to the AP, AFGE’s president said that “Based on the sketchy information OPM has provided” during internal OPM briefings, the hackers got their hands on a slew of sensitive data such as “military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race data.”

And there’s more. Apparently the hack went unnoticed for more than a year, according to anonymous sources cited by ABC News.

“If [only] they knew the full extent of it,” a source briefed on the breach told ABC News.

According to the source, the breach affected OPM servers that stored forms filled out by government employees looking for security clearances. The information disclosed on these forms, according to experts, is “goldmine” for foreign spies, and “everything anyone would ever need for blackmail,” since they can include full biographies, family members data and even information on the applicant’s’ social life, including embarrassing information on past “legal, private, sexual” troubles, according to John Schindler, a former professor of national security affairs at the US Naval War College.

Consider me unsurprised. It seems the SF-86 data – the information all government employees provide when they are required to submit documentation for a security clearance – is a treasure trove. This would be such an obvious target that one would expect OPM to secure it as any high value asset should be protected.