Hackers who breached US government databases stole personal information of 21.5 million people, officials say following an investigation into the attack widely blamed on China.
An update from the government's Office of Personnel Management on Thursday said those affected were 19.7 million who underwent a background investigation, and 1.8 million others, mostly spouses or cohabitants of applicants for government jobs.
The massive figure adds to the gravity of the breach, which prompted a series of hearings in Congress and widespread criticism of the state of US cyber-defences.
Officials said last month that 4.2 million personnel records were breached in a separate attack, but it was not immediately clear if there was any overlap in the two groups.
An inter-agency task force has been conducting a forensic investigation since the breaches were disclosed in June.
For the second incident, OPM said it "has now concluded with high confidence that sensitive information, including the social security numbers of 21.5 million individuals, was stolen from the background investigation databases."
Some of the records include findings from interviews conducted by background investigators and some 1.1 million include fingerprints.
OPM said that it had "no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM's systems."
But it said that for anyone who underwent a background investigation in 2000 or afterwards "it is highly likely that the individual is impacted by this cyber breach."