Richard Fernandez' Belmont Club blog for PJ Media carries a fascinating explanation of how the Office of Personnel Management data base of federal employee records was breached. The short answer, some OPM creep or dirty contractor gave the Chinese the passwords and set them up as counterfeit system officials.
Encryption wouldn't have helped, they were invited inside by someone with access to everything, very possibly a foreign national doing contract work. The agency's administrator seems to have been selected for her credentials as an aggressive advocate for diversity-at-any-cost.
Her first question concerning any OPM project to be contracted out, "Can we find vendors who aren't white males?" When you ask that question in IT you get Chinese or Indian answers. Next question: What can go wrong? Answer: Exactly what happened.