Agency: Millions more government fingerprints deemed stolen

23 Sep 2015 | Author: | No comments yet »

Federal data hack widens: Nearly 6 million fingerprints stolen, not 1 million as 1st thought.

WASHINGTON — The Obama administration says the fingerprints of 5.6 million people who applied for or received a federal security clearance were stolen — not 1.1 million as first believed. More than a quarter of the victims in a cyberattack on the federal government — which lost data belonging to 21 million people — also had their fingerprints stolen, a federal agency said Wednesday.The federal Office of Personnel Management announced this week that it had underestimated fingerprint data stolen in a massive hack of its system earlier this year. “As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness,” a news release from the office stated. “During that process, OPM and DOD identified archived records containing additional fingerprint data not previously analyzed.” Letters will be sent to the people who were impacted by this breach, but, for now, experts reviewing the situation believe misuse of this data is limited. “However, this probability could change over time as technology evolves,” OPM’s statement acknowledged. “Therefore, an interagency working group with expertise in this area – including the FBI, DHS, DOD, and other members of the Intelligence Community – will review the potential ways adversaries could misuse fingerprint data now and in the future.” In July, when it was revealed that fingerprint data was included in the breach, CNN reported cybersecurity expert Robert Lee said the theft of this data, over passwords, for example, is particularly concerning. “It’s not like they have someone’s password. An estimated 21.5 million current and former federal employees or job applicants were affected in a data theft that experts say will give Chinese intelligence a huge leg up in recruiting informants.

Officials are quick to note that this digit data won’t be as useful to the hackers as the other sensitive information leaked through the attack (fooling a fingerprint reader requires some skill). However, there’s a concern that the thieves could find a way to misuse those prints — and it’s not as if you can change your fingers once they’ve been compromised.

The announcement doesn’t increase the estimate that the hack compromised sensitive information and Social Security numbers of 21.5 million individuals, some of whom were screened for U.S. government security clearances. The stolen information includes Social Security numbers; findings from background check interviews; information about past addresses, education and jobs; criminal and financial histories; and “some information regarding mental health.” Many reports have linked the attack to Chinese hackers. Ben Sasse (R-Neb.) said in a statement. “The American people have no reason to believe that they’ve heard the full story and every reason to believe that Washington assumes they are too stupid or preoccupied to care about cyber security.” Jason Chaffetz, chairman of the House Oversight & Government Reform Committee, also issued a statement blasting OPM because it “keeps getting it wrong.” “This breach continues to worsen for the 21.5 million Americans affected,” the Republican congressman from Utah said. “I have zero confidence in OPM’s competence and ability to manage this crisis.

You’ll get to keep your current user name (as long as it doesn’t contain invalid characters, in which case you’ll have to go through a few extra steps to make the transfer), and all your old comments will eventually (not immediately) migrate with you.

Our partners
Follow us
Contact us
Our contacts

About this site