In a report citing several officials, Associated Press said data on nearly all of the millions of US security-clearance holders, including the Central Intelligence Agency, National Security Agency and military special operations personnel, were potentially exposed in the attack on the Office of Personnel Management.