The agency, which is responsible for security clearances and background checks, warned it was urging potential victims to monitor their financial statements and obtain new credit reports.
Investigators believe that the massive breach of the federal data system was carried out by the Chinese government, a law enforcement and U.S. official told CNN.
The Office of Personnel Management says only employees of the federal executive branch were affected by the hack they announced today.
Employees of the legislative and judicial branches, and uniformed military personnel, were not affected.
There are currently 2.7 million federal executive branch employees -- it's unclear if this affected every single one (plus former employees), or only a portion.
The federal personnel office learned of the data breach after it began to toughen its cybersecurity defense system. When it discovered malicious activity, authorities used a detection system called EINSTEIN to eventually unearth the information breach in April 2015, the Department of Homeland Security said. A month later, the federal agency learned sensitive data had been compromised.
The federal agency learned of the breach in April 2015, the Department of Homeland Security said in a statement Thursday. A month later, the federal agency learned data had been compromised.
The FBI is now investigating what exactly led to the breach.
"We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," the FBI said in a statement.
The federal personnel office said "personally identifiable information" had been breached, though didn't name who might be responsible.
The Washington Post and Wall Street Journal first reported Thursday that Chinese hackers were responsible for the breach.
California Rep. Adam Schiff, the top Democrat on the House Intelligence Committee, said hackers are one of the "greatest challenges we face on a daily bases."
"It's clear that a substantial improvement in our cyber databases and defenses is perilously overdue," Schiff said in a statement. "That's why the House moved forward on cybersecurity legislation earlier this year, and it's my hope that this latest incident will spur the Senate to action."
Russia is believed to have been responsible for a separate data breach earlier this week that made 100,000 Americans' tax returns vulnerable to criminals, when the Internal Revenue Service was attacked.