That breach of the Office of Personnel Management’s security-clearance computer system may have only recently come to light, but that doesn’t mean it just happened. In fact, it started an entire year ago, according to new sources, meaning the government’s intruders had access to a whole lot more sensitive data than officials initially thought.

“This is some of the most sensitive non-classified information I could imagine the Chinese getting access to,” said Stewart Baker, a former National Security Agency general counsel.

The information in question is the personal, family, and financial details for millions of current, former, and prospective federal employees and contractors. This comes in addition to the much-publicized Chinese December-to-April hack of a U.S. personnel database that included the Social Security numbers of 4.1 million federal employees, both current and former.

The OPM is still determining just how much data was stolen and who was affected, but it’s tricky for two reasons: 1) The agency’s systems are antiquated, with some dating back to the mid-1980s. 2) The indefinite monster that is bureaucratic hurdles makes it a challenge to buy security tools quickly.

Meanwhile, the Obama administration has not officially named the Chinese government as the hacking perpetrator. But Washington’s fingers are pointing in China’s direction.