Democratic and Republican lawmakers have been unsparing in their criticism of the personnel agency’s handling of the data breach and its aftermath — and its habit of periodically revising upward the amount of information that was lost. Government officials have not been able to explain publicly why it took more than a year to discover that information was leaving its systems at a tremendous rate.

Image Xi Jinping, the president of China, spoke at a dinner in his honor in Seattle on Tuesday. He and President Obama will meet at the White House on Thursday to discuss cybersecurity issues. Credit... Ruth Fremson/The New York Times

Senator Mark Warner, Democrat of Virginia, said in a statement on Wednesday that “the massive new number of employees’ fingerprints that was breached is shocking.” He continued, “And it does little to instill confidence in O.P.M. that it took them so long to detect that the number was so much larger than originally thought.”

He called for “lifetime identity protection coverage” for the affected employees and contractors. But that assumes there was a financial motive to the theft; officials say it seems more likely that it was a national security motive.

In testimony to a House committee recently, the director of the National Security Agency, Adm. Michael S. Rogers, said it had seen no evidence that the data lifted from the O.P.M. over more than a year had been used for any financial purpose, like gaining access to bank accounts or credit cards.

During Mr. Xi’s visit to Washington, he and Mr. Obama are expected to announce, at a minimum, that they are working on a set of rules for cyberspace that would amount to a first effort at a digital arms control agreement. But that would not cover traditional espionage, which both sides conduct against each other. So the theft of personnel files, which the administration has never publicly blamed on China, would not be covered.

In fact, the director of national intelligence, James R. Clapper Jr., said over the summer that if the United States had the opportunity to steal that much data about an adversary, it would probably try to do it. And testifying to Congress alongside Admiral Rogers recently, he pushed back at members of Congress who called the breach at O.P.M. an “attack.” Instead, he suggested, it was ordinary espionage.