But there’s an even more serious aspect of this compromise: the threat it poses to American intelligence operations abroad, particularly to officers serving under various false identities, or “covers,” overseas. The Intelligence Community employs myriad cover mechanisms to protect the true identity of its spies posted outside the United States. Cover protects our officers and allows them to conduct their secret work without drawing as much attention to themselves. While many intelligence officers pose as diplomats, that is only one option, and some covers are deeper than others.

Regardless, all espionage covers are based upon credible narratives that rely on plausible details. Through a process the Intelligence Community calls back-stopping, any officer’s cover needs to look real and check out if tested. Thus, an American spy who is posing as an oil executive, for instance, has to have a “legend” in that industry that bears that out. Think business cards, company websites, or a team of ersatz oil industry colleagues. Just as another intelligence officer who poses as a diplomat better have his or records in State Department systems, to look plausible.

Any cover is only as good as its back-stopping, which will be paper-thin if a foreign intelligence service can determine that American spies operating under covers, both official and non-official, are not who they claim to be. “Spot the spook” used to be a difficult and time-consuming activity for hostile intelligence services. The OPM hack promises to make it fast and easy. The hackers now have access to information on literally millions of people. That makes it much easier to verify who is really who, and which agency they’re really in the employ of.