Even so, national security officials have acknowledged the seriousness of the intrusion. Before the scope was made public on Thursday, James B. Comey, Jr., the director of the F.B.I., called the breach “a very big deal,” noting that the information obtained included people’s addresses; details on their neighbors, friends and relatives; their travel destinations outside the United States; and any foreigners they had come into contact with.

“There is a treasure trove of information about everybody who has worked for, tried to work for or works for the United States government,” Mr. Comey said during a briefing. “Just imagine you are an intelligence service and you had that data, how it would be useful to you.”

Administration officials said it was the personnel office’s work to modernize its computer systems that first led it to detect the breach.

In April, the agency informed the Department of Homeland Security that it had found an intrusion, and the department went to work with the F.B.I. to learn more, said Andy Ozment, a top cybersecurity official at Homeland Security. That inquiry, he said, revealed that the intruder had broken into a network at the Interior Department that held a personnel office database, leading to the theft of records of 4.2 million current and former federal employees. It also found that there had been a computer intrusion at the personnel office itself, leading to the much larger trove of background check records.

Mr. Ozment said the hacker in both cases gained access to the computer systems “via a compromised credential of a contractor.”

The debacle has touched off a scramble by federal officials to bolster the security of their networks. Tony Scott, the government’s chief information officer, said every agency was racing to make improvements, including the use of basic tools like two-factor authentication that requires anyone with the password to a system to use a second, one-time password to log in from an unrecognized computer.

“This is important work across all of the agencies of the federal government to make sure that we greatly enhance the cybersecurity profile of the U.S. government as a whole,” Mr. Scott said.