The Office of Personnel Management today announced that 5.6 million people are estimated to have had their fingerprints stolen in a December hack, up from the agency's initial estimate of 1.1 million.

Over the summer, OPM warned of a massive breach that leaked information of more than 21 million people.

During an "aggressive effort to update" cybersecurity within the agency, OPM in April discovered a breach that affected approximately 21.5 million federal employees and is thought to be the work of Chinese hackers.

Of those whose sensitive data was accessed, a subset of 1.1 million were thought to have had their fingerprints stolen. That number has now been increased to 5.6 million.

Federal experts believe the ability to misuse that data is limiteda fact that "could change over time as technology evolves," OPM Press Secretary Sam Schumach said in a statement.

The OPM has set up an interagency groupwith members of the FBI, Homeland Security, and Defense Department, among othersto review the ways hackers could potentially "misuse fingerprint data now and in the future."

Since June, OPM has been offering affected employees credit monitoring and ID theft protection; folks are also warned to be on the lookout for suspicious emails or calls that ask for personal information.

"Together with our interagency partners, OPM is committed to delivering high-quality protection services to impacted individuals," Schumach said. "The U.S. government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident."

OPM Director Katherine Archuleta resigned her position in July following the breach; Beth Cobert, the U.S. chief performance officer and deputy director for management at the OPM, stepped in as the agency's acting director.

The OPM was hit with a similar attack last year, but this year's breach is reportedly not related. A number of federal agencies have been the victims of cyber attacks in recent years, from the State Department and U.S. Postal Service to the National Weather Service and Energy Department.

Further Reading

Security Reviews