In 2015, the Office of Personnel Management (OPM) suffered a data breach, affecting the records of an estimated 21.5 million people. It was described by federal officials as one of the largest breaches of government data in the history of the United States. Now, almost four years later, data stolen from that cyberattack has been found in use.

As the federal agency that manages the government’s civilian workforce, OPM had a lot of sensitive–and valuable–information in its database. The Washington Post reports, “The huge heist included information such as Social Security numbers and past addresses, but also security-clearance files containing extensive details about friends, family, relationships and finances for a range of highly sensitive government jobs.” All the material one would need to steal someone’s identity in spectacular fashion. And, that’s exactly what happened.

In federal court this week, a woman admitted that she took out fraudulent loans using the identities of victims from the OPM data breach. Reportedly, the woman was part of a group that capitalized on the stolen data. They would apply for loans using victims’ names. Once the accounts were set up, they would cash loan checks or get wire transfers from those accounts.

The value and longevity of the data stolen from OPM goes much deeper than just credit card information because of the many personal details that relate to an individual’s identity. Jamie Winterton, a data breach expert and director of strategy for Arizona State University’s Global Security Initiative told The Washington Post, “Unlike a credit card the bank can easily replace, this has staying power that can be exploited for years down the line.”

The news has stirred up fresh calls for regulations and legislation to protect against identity theft, especially in the aftermath of the Equifax data breach.

Get the full story at The Washington Post.