Hackers Took Fingerprints of 5.6 Million US Workers, Government Says

23 Sep 2015 | Author: | No comments yet »

Five times more fingerprints were stolen in OPM hack than first estimated.

The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday. WASHINGTON, United States (AFP) – The massive breaches of US government records resulted in the theft of some 5.6 million sets of fingerprints, officials said Wednesday, raising their estimate from 1.1 million. The agency was the victim of what the U.S. believes was a Chinese espionage operation that affected an estimated 21.5 million current and former federal employees or job applicants.

The fallout from hack, already among the worst to hit the United States, has continued to grow as computer security investigators have mined their systems to determine what went wrong. During an “aggressive effort to update” cybersecurity within the agency, OPM in April discovered a breach that affected approximately 21.5 million federal employees and is thought to be the work of Chinese hackers. The latest estimate of the damage comes after OPM and Defense Department staff identified new records that had not been analyzed, OPM spokesman Samuel Schumach said.

More than 20 million people lost their records as part of the breach, and OPM’s new estimate means that roughly one-quarter of all those affected lost fingerprint data, in addition to information about their health, financial history and families. US officials have not publicly accused China of being behind the massive hack, but many private analysts say the incident is likely part of Chinese espionage efforts. The White House has said it’s going to discuss cybersecurity with Chinese President Xi Jinping when he visits President Barack Obama later this week.

Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. Federal experts believe the ability to misuse that data is limited&#—a fact that “could change over time as technology evolves,” OPM Press Secretary Sam Schumach said in a statement. Security analysts have said the loss of fingerprint records could be a nightmare for some U.S. officials, particularly intelligence and military officers who are used to operating covertly and try to avoid leaving any trace of their actions. He said the group also will try to develop ways to prevent the fingerprints from being misused. “If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” Schumach said. Jason Chaffetz, R-Utah. ” I have zero confidence in OPM’s competence and ability to manage this crisis.” As fingerprints increasingly replace passwords as a day-to-day security measure for unlocking your iPhone or even your home, security experts have grown concerned about how hackers might leverage them.

Any intelligence officer whose prints have been taken would face great risk in operating under an alias because those prints would give away someone’s true identity. They have bungled this every step of the way.” Although the U.S. government has never officially assigned blame for the cyber attack, some Obama administration officials have said they believe it was done by Chinese hackers. The theft and the government’s uneven response sparked criticism from Republicans and Democrats that more should have been done to protect the records. Mike Rogers, the director of the Pentagon’s National Security Agency, has said his agency was brought in to help. “Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” said Republican Sen.

The outcry became so severe—particularly as word spread that the breach was much worse than expected—that OPM’s director, Katherine Archuleta, resigned in July. The stolen records included detailed biographical forms that federal employees must fill out to obtain security clearances, and they would have provided identifying information about friends and family in the U.S. and overseas. That kind of information would give the Chinese vast new opportunities to target people for recruitment, a process that can take years of intelligence-gathering. It also could allow the Chinese to pinpoint American intelligence officers abroad, given that CIA case officers are not in the database unless they held a previous government job.

Our partners
Follow us
Contact us
Our contacts

About this site