September 24, 2015 -
The Office of Personnel Management reported that it has discovered that 5.6 million individual’s fingerprints were stolen as part of the massive cybersecurity breaches the agency disclosed a few months ago, according to a report by the Washington Post.
OPM officials had initially estimated that the cyberattacks resulted in in the theft of 1.1 million people’s fingerprints when it first disclosed the information in the summer.
Meanwhile, the total number of affected people — which includes the more than 21 million former and current government employees whose Social Security numbers and addresses were stolen — remains the same.
The additional fingerprint data was found to be exposed during the OPM’s and the Department of Defense’s review of the theft of background investigation records, according to an OPM statement.
Both security experts and legislators are understandably upset about the latest revelation.
“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”
“OPM keeps getting it wrong,” said Rep. Jason Chaffetz (R-Utah). ” I have zero confidence in OPM’s competence and ability to manage this crisis.”
Federal experts believe that there is a limited chance that the stolen fingerprints will be misused, said OPM. However, the agency said this could certainly “change over time as technology evolves”.
An interagency working group comprised of law enforcement agents and intelligence community members is currently reviewing the different methods that the fingerprint data could be exploited, and find ways to stop these practices from occurring, said OPM.
“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM said.
OPM is currently in the process of notifying all the individuals impacted by the breach, all of whom will be offered free identity theft and fraud protection services.
Meanwhile, China is suspected of being responsible for the cyberattacks, possibly in an effort to kickstart its development of an enormous database on Americans, although U.S. government officials have yet to publicly point the finger at the country.
According to OPM spokesman Sam Schumach, the additional batch of exposed fingerprints was not identified until recently and that the OPM analyzed the data for several days before it went public.