The malware currently targets Oracle MICROS and other point-of-sale systems.
Approximately 4 million current and former federal employees may be affected.
The leaked data included names, birthdates, identification numbers and addresses.
A seven character password with special characters can be hacked in less than three minutes.
The company says malware was 'effectively deployed' on some of its point of sale systems between March 6 and April 17, 2015.
The leaked data includes user name, birthdates, email address, gender, location, relationship status and sexual orientation.
The bank says its domain name servers were hijacked last month.
'Over last 5 years my only interest has been to improve aircraft security,' Chris Roberts tweeted recently.
The company says it won't 'speculate on the scope of the intrusion,' since the investigation is ongoing.
Charles Eccleston allegedly designed and sent spear phishing emails targeting more than 80 computers at the U.S. Department of Energy.
If it doesn't have permission to overwrite the MBR, the malware destroys all files in the user's home folder.
Experts on a cryptography panel at the RSA conference reject the idea of the U.S. government holding encryption keys.