We address the problem of constructing false data injection (FDI) attacks that can bypass the bad data detector (BDD) of a power grid. The attacker is assumed to have access to only power grid measurement data traces collected over a limited period of time and no other prior knowledge about the grid. Existing related algorithms are formulated under the assumption that the attacker has access to measurements collected over a long (asymptotically infinite) time period, which may not be realistic. We show that these approaches do not perform well when the attacker has access to measurements from a limited time window only. We design an enhanced algorithm to construct FDI attack vectors in the face of limited measurements that can nevertheless bypass the BDD with high probability. The algorithm design is guided by results from random matrix theory. Furthermore, we characterize an important trade-off between the attack's BDD-bypass probability and its sparsity, which affects the spatial extent of the attack that must be achieved. Extensive simulations using data traces collected from the MATPOWER simulator and benchmark IEEE bus systems validate our findings.