OPM-hack
Pictured is the U.S. Office of Personnel Management building in Washington, June 5, 2015. Reuters

Authorities have not yet officially notified 21.5 million Americans, whose personal information was compromised in a massive hack of government databanks that was discovered two months ago, a report said Tuesday. The cyberattack, which occurred in early May, exposed confidential data that the Office of Personnel Management (OPM) gathered for security clearances investigations for millions of federal employees and contractors.

According to officials, the OPM, whose systems were infiltrated by the hackers, is currently working with other agencies to set up a new system to inform the victims of the security breach, Reuters reported. However, an official at OPM reportedly said that the complicated nature of the data and the fact that government officials often move among different agencies could delay such a mechanism for weeks.

The government has been trying to form a centralized system to inform the victims of the hack, while OPM is likely to hire an outside contractor for the work.

Last week, Katherine Archuleta, the beleaguered head of the OPM, resigned amid increasing pressure in the wake of two massive hacks against her agency. Archuleta’s resignation came a day after the much larger breach, discovered in May, was made public.

Hackers compromised data of 19.7 million contractors and employees who applied for security clearances, and 1.8 million “non applicants,” whose personal data was included in security clearance applications. According to OPM, anyone who opted for a security clearance background investigation through OPM in 2000 and afterwards is likely to be affected by the cyberattack, Reuters reported.

Almost all of the 4.2 million people, whose basic job application data were exposed in an earlier OPM hacking in April, have been officially notified, Reuters reported, citing a U.S. official. Many American officials blamed China for the breach, which reportedly exposed a weak federal security network that's unable to stop sophisticated cyberattacks.