In light of this week’s information on a hack into federal employee data, we should be looking closely at how this breach occurred, how to prevent future hacks and what might be done with this information in the future.

Earlier this week it was announced that hackers, said to be working for the Chinese state, breached the computer system of the Office of Personal Management (OPM) in December of last year and 4 million current and federal employees’ data was compromised. This breach is particularly troubling as the OPM office has information including Social Security numbers, job assignments, performance ratings and background checks including individuals with high-level security clearances.

Typically, the theft of personal information online has been for the purpose of selling it on the underground market, where it can be used to break into someone’s bank account or identity theft. This case looks more like cyber espionage, which indicates the spies are stealing information for a larger purpose. Combined with recent hacks into insurance companies Anthem and Primera, is it disconcerting to think about the large amount of data now in the hands of the Chinese and what can be done with it.

Although there is no confirmation of any links to China in this most recent attack, federal officials have hinted at the connection. Meanwhile, Beijing dismissed the United States allegations that China was the source of an attack on federal workers’ data as “unscientific and irresponsible.”

Even though conversations equating cyber-security and national security are only beginning to take place, both companies and government agencies must learn from their mistakes and work to prevent further breaches.

In April, Obama confirmed the first sanctions aimed at curbing foreign cyber espionage and theft. The order authorized financial and travel sanctions against anyone participating in online attacks that posed a threat to the “national security, foreign policy, or economic health or financial stability of the United States.” Hopefully this will be a tool used in the future.

The intrusion detection service used by the Department of Homeland Security, known as EINSTEIN, which screens federal Internet traffic to identify potential cybe-rthreats, was able to identify the hack of OPM’s systems but only after the data had already been compromised.

These are both areas in need of improvement, counter-cyber attack technology as well as further policy and investigations to go after the hackers. In addition, only with complete cooperation with the Chinese government, can investigations be successful.

We cannot know the full repercussions of this most recent hack until more is known about what will be done with the data. Potentially, individuals can be blackmailed using their personal information, or the data can be used for financial gain, like accessing tax return information. Regardless, we must be watching closely for how the data will be used, and when it is, we must go after those who did it.