Looks like they attacked a vulnerability in the HR system to gain access to social security, addresses, and names of the people who worked in the system.
In the long term, it means the people working there will have to freeze their social for a bit, I don't think anyone is going to bother with the addresses except to sign up for stuff on amazon, pins and password resets, and a whole security analysis.
That being said the effects of this won't hit as hard as people think, however I do think it brings up a very important problem in the industry that is now being exploited.
In that HR does not have the proper tools to confirm/deny someone's identity.
This is the third time this year that we have seen this kind of attack used, it is also the third time it has cost the company dearly.
All the firewalls in the world will not help, if one human with window access is constantly able to break the system.
HR might have to become a human solution again rather then a telephonic one. In order to fix this problem