We're getting our asses kicked Hackers got every federal employee’s data: union By Bob Fredericks June 11, 2015 | 4:09pm Modal Trigger Photo: Shutterstock The vital personal data of every current and former federal employee and retiree was swiped in a massive Chinese hack attack, a union boss revealed yesterday. The information included Social Security numbers, birthdays, addresses and other data that can put the victims at risk for identity theft. The hackers, who infiltrated the Office of Personnel Management, also pilfered the military records, job and salary histories, insurance information, gender and race data of millions of Americans, said J. David Cox, head of the American Federation of Government Employees. “Based on the sketchy data OPM has provided, we believe that the central personnel data file was the targeted database, and that the hackers are now in possession of personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees,” Cox wrote in a letter to OPM Director Katherine Archuleta. “We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” he added. The personnel-data file contains up to 780 pieces of information about each employee. The hack is more damaging than the Obama administration — which hasn’t publicly accused the Chinese government of the cybertheft — has acknowledged and affects far more than the 4 million victims previously announced. Sen. Harry Reid (D-Nev.) — one of eight lawmakers briefed on the most secret US intelligence — said on the Senate floor that “the Chinese” were to blame for the unprecedented security breach. Sen. Susan Collins (R-Maine), an Intelligence Committee member, also said the hack came from China, which has denied blame. An angry Cox said the 18 months of credit monitoring and $1 million in liability insurance that the federal government has offered the affected employees is “entirely inadequate, as compensation or protection from harm.” The breach occurred in December but was not discovered until April. After it was publicly revealed last week, the OPM inked a $20 million deal with private cybersecurity experts to provide identity-fraud protection for the employees whose information was snatched.