OPM now says more than five million fingerprints compromised in breaches

23 Sep 2015 | Author: | No comments yet »

OPM Now Admits 5.6m Feds’ Fingerprints Were Stolen By Hackers.

WASHINGTON, United States (AFP) – The massive breaches of US government records resulted in the theft of some 5.6 million sets of fingerprints, officials said Wednesday, raising their estimate from 1.1 million. One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks. Officials said the latest analysis of the two breaches – widely attributed to hackers based in China – did not change the number of people affected, which remained at 21.5 million. US officials have not publicly accused China of being behind the massive hack, but many private analysts say the incident is likely part of Chinese espionage efforts.

When they steal 5.6 million of those irrevocable biometric identifiers from U.S. federal employees—many with secret clearances—well, that’s very bad. It also said an interagency working group including experts from law enforcement and intelligence community will review ways that the fingerprint data could be abused and try to develop ways to prevent that from happening. “If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM said.

Officials are quick to note that this digit data won’t be as useful to the hackers as the other sensitive information leaked through the attack (fooling a fingerprint reader requires some skill). OPM, which serves as a sort of human resources department for the federal government, didn’t respond to WIRED’s request for comment on who exactly those fingerprints belong to within the federal government.

However, there’s a concern that the thieves could find a way to misuse those prints — and it’s not as if you can change your fingers once they’ve been compromised. But OPM had previously confirmed that the data of 21.5 million federal employees was potentially compromised by the hack—which likely originated in China—and that those victims included intelligence and military employees with security clearances. But that identity theft protection, which cost $133 million in likely misspent tax dollars, doesn’t begin to address the national security implications of having the fingerprints of high-level federal officials in the hands of hackers who are potentially employed by a foreign government. You’ll get to keep your current user name (as long as it doesn’t contain invalid characters, in which case you’ll have to go through a few extra steps to make the transfer), and all your old comments will eventually (not immediately) migrate with you. Aside from the 21.5 million social security numbers taken by attackers and the newly confessed 5.6 million fingerprints, the agency has also confirmed that hackers gained access to many victims’ SF-86 forms, security clearance questionnaires that include highly personal information such as previous drug use or extramarital affairs that could be used for blackmail. “The American people have no reason to believe that they’ve heard the full story and every reason to believe that Washington assumes they are too stupid or preoccupied to care about cyber security,” Senator Ben Sasse wrote today in an email.

Twitter-news
Our partners
Follow us
Contact us
Our contacts

About this site