The hackers behind the biggest data breaches of the past year have reportedly struck again in a two-fold attack against American Airlines Group Inc. and flight reservation management giant Sabre Corp. that may have compromised millions of people. The information likely plundered through the cyberheist completes another piece of a complex identify puzzle being assembled in plain view.

The Chinese hackers believed responsible for the attack are suspected of having previously stolen medical records and other sensitive personal data belonging to some 80 millions Americans from Anthem Inc., according to sources close to the investigations cited in the Bloomberg report that broke the news. The insiders cited a common operating pattern behind the breaches.

Similar techniques were also used in an earlier hack against hospital operator Community Health Systems Inc. that claimed a more modest but still substantial 4.5 million records. The missing link between the seemingly disparate attacks of the Chinese group is their infiltration into the networks of the U.S. Office of Personnel Management.

That particular incident affected almost 20 million government workers, a sizable portion of whom have security clearances, along with many of their friends and family. The agency’s inadequately defended databases contained highly detailed information about everything from the addresses of the victims to their mental-health conditions.

That kind of data holds tremendous value on the black market, yet the hackers don’t appear to be interested in profiting off their attacks, at least not in the monetary sense.  Like the records stolen from Anthem, which are also worth a fortune, the plunder had never showed up in the any of the underground marketplaces security experts monitor for such activity.

The sources who tipped off Bloomberg to the attacks against American Airlines and Sabre therefore believe that their motivation lied in the fact that the healthcare giant handles insurance claims for several federal branches including the Defense Department’s Defense Health Agency. Anthem claims that it’s not aware of any attempts to access the data belonging to the subsidiary in charge of that part of its business, but that’s not much of a consolation.

In the likelihood that the hackers managed to get what they were looking for, that means they now not only know the personal, professional and medical histories of millions of government workers with security clearances but also where they traveled. It’s a testament to exactly how high the stakes have become in the realm of cybersecurity and the great cost of ignoring this dangerous new reality.

Photo via pixelcreatures