Chinese hackers appear to have accessed sensitive data on US intelligence and military personnel, American officials say.
Details of a major hack emerged last week, but officials have now given details of a potential second breach.
It is feared that the attack could leave US security personnel or their families open to blackmail.
The Office of Personnel Management (OPM), is yet to comment on the reports.
Officials, who spoke on condition of anonymity to the Associated Press, believe the attackers have targeted the forms submitted by intelligence and military personnel for security clearances.
The document includes personal information – everything from eye color, to financial history, to past substance abuse, as well as contact details for the individual’s friends and relatives.
A 127-page vetting document called Standard Form 86 may have been accessed. Among the questions potential employees are asked:
- In the past seven years, have you defaulted on any loans?
- Have you ever voluntarily sought counseling or treatment as a result of your use of alcohol?
- In the last seven years, have you illegally used any drugs or controlled substance?
A White House statement said investigators had a “high degree of confidence” that background information on government employees had been accessed.
Joel Brenner, a former US counterintelligence official, called the data a “gold mine” for hackers.
It is also believed the breach of personal data of US government workers announced last week may be far larger than previously reported.
Initial estimates put the number of people potentially affected at four million, but officials close to the investigation told AP that as many as 14 million might be involved.
The US has said the hackers, thought to be behind both attacks, are believed to be based in China. Beijing called the claims “irresponsible”.
The Obama administration meanwhile announced further measures to beef up cybersecurity on June 12.
A White House statement said: “Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”