Hackers that breached US government databases stole the personal information of at least 21.5 million people, officials said on Thursday.
Those affected include government job applicants, federal contractors, and over a million of their partners, the Office of Personnel Management said.
The figure is more than five times higher than the number of people that were feared to have been affected.
The data breach, which came to light in April, was widely blamed on China.
Authorities in Beijing have publicly denied any involvement.
The breach prompted a series of hearings in Congress and widespread criticism of the state of US cyber defences.
Politicians from both parties demanded OPM boss Katherine Archuleta be fired.
House of Representatives Speaker John Boehner, a Republican, said President Barack Obama "must take a strong stand against incompetence in his administration and instill new leadership at OPM".
Last month, officials said personnel records of 4.2 million current and former federal government employees had been stolen in an incident.
'No misuse yet'
On Thursday, OPM said that while investigating that breach they discovered additional information had also been compromised, including the social security numbers of 21.5 million individuals.
The stolen data also includes health and financial information, criminal records, and the names and addresses of government employees and their relatives.
Those affected include 19.7 million people who underwent background checks and 1.8 million others, mostly the partners of job applicants.
OPM serves as the human resource department for the US government. The agency issues security clearances and compiles records of all federal government employees.
The agency said that it had "no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM's systems."
But it said that for anyone who underwent a background investigation in 2000 or afterwards "it is highly likely that the individual is impacted by this cyber breach."
Last month, US intelligence chief James Clapper said China was the "leading suspect" in the massive data breaches.
His comments came after three days of high-level talks in which China and the US agreed to a "code of conduct" on cyber security issues.
Earlier this week, US Democratic presidential hopeful Hillary Clinton said China was "trying to hack into everything that doesn't move in America".
China has dismissed claims of involvement as "irresponsible and unscientific".