OPM Director Katherine Achulet
OPM Director Katherine Achulet testifies before a House subcommittee about the hack that has ravaged her department, and the government's cybersecurity reputation. Reuters/Jonathan Ernst

The millions of federal government employees who had their personal information stolen as part of the hack on the U.S. Office of Personnel Management might be able to buy it back. They would just need $140 million or so.

Names, phone numbers, addresses, Social Security numbers, personal relationships and other sensitive information belonging to as many as 14 million people was taken as part of the data breach. While the hack has widely been blamed on the Chinese government, a new analysis from Vocativ has discovered that some of the information taken in the breach might be for sale on criminal dark net websites like Agora, Alpha Bay and Nucleus.

Vendors were charging between 50 cents and $10 per data set, Vocativ reported, meaning that if the entire trove of data went on sale it would be worth $140 million, though only a fraction of the stolen files appear to be available.

The number of users on each site varies widely but information sellers on each forum updated their listings with “new [database] added” and “updated 4.22,” which Vocativ speculated could be a reference to the 4.2 million federal workers whose data was stolen.

The data, which apparently does not include information taken as part of the infiltration on the government's database of security clearance records, is so valuable because it enables foreign hackers to impersonate unsuspecting Americans.

It's not clear when the hack began or for how long outsiders lurked within government networks. The hack was first revealed in June and was shown to be more devastating in successive announcements. The OPM announced Monday it will suspend the online system that enables the government to conduct background checks for four to six weeks, or until it can complete “security enhancements.”