FB pixel

Second OPM hack sees 1.1M fingerprint records stolen

 

Office of Personnel Management officials have confirmed that a data breach involving security clearance files has impacted some 21.5 million individuals, which included the fingerprint records of 1.1 million people, according to a report by Defense One.

This marks the first major details regarding the hack since OPM first revealed the security breach last month.

OPM will provide a “suite of services” to any individual whose personal information was compromised, which includes nearly everyone who underwent an OPM-led background investigation or reinvestigation since 2000.

Officials also said that it is possible that some individuals who underwent a background investigation before 2000 may have been affected by the heck, but the chances are “less likely.”

The personal information breached in the hack included details such as Social Security numbers; residency and educational history; employment history; information about immediate family and other personal and business relationships; health, criminal and financial history; and other details, OPM said.

OPM also experienced a security breach in May that affected 4.2 current and former federal employees.

The second breach, which specifically targeted those individuals who underwent background investigations, was discovered in late May as OPM was boosting security levels for its system following its first hack.

Approximately 3.6 million of the individuals impacted by the first hack were also affected by the second breach.

Andy Ozment, assistant secretary for cybersecurity and communications at the Homeland Security Department, said the forensics investigation into the second breach was “extremely complicated”, which required extra time to find out exactly who was affected by it.

Of the 21.5 million affected individuals, 19.7 million had applied for a background investigation and 1.8 million were non-applicants, primarily spouses or co-habitants of applicants, said OPM.

Additionally, the breached records include details from interviews conducted by background investigators while 1.1 million of the records also included fingerprints.

OPM will notify the affected individuals “in the coming weeks”. They will be provided with at least three years worth of free services, including full service identity restoration support and victim recovery assistance, identity theft insurance, identity monitoring for minor children, continuing credit monitoring and fraud monitoring services beyond credit files, as well as “educational materials and guidance” so that they can better protect themselves against potential fraud.

“For these 21.5 million people, a lifetime’s worth of information was exposed,” said Richard Thissen, president of the National Active and Retired Federal Employees Association. “They deserve nothing less than a lifetime of protection. Three years is not enough and will not bring peace of mind to those awaiting official notification that they were impacted by this incident.”

Several Democratic senators Barbara Mikulski, Md., Tim Kaine, Va., Mark Warner, Va., and Ben Cardin, Md., formally introduced the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response (RECOVER) Act.

The legislation would provide lifetime credit monitoring to all individuals affected by the hacks as well as up to $5 million in identity theft protection.

Though administration officials have declined to divulge any information regarding potential suspects who may have been responsible for the hack, they did confirm that the hacker committed both breaches.

Additionally, Archuleta and other officials highlighted the progress made by multiple government agencies to improve network security as part of an Office of Management and Budget mandated “30-day sprint,” including increasing the use of two-factor authentication.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Yoti trumpets NIST age estimation results and testing plans

A new facial age estimation algorithm submitted by Yoti to the U.S. National Institute of Standards and Technology has placed…

 

Indonesia tests new digital ID system, calls on ASEAN to speed up DEFA negotiations

Indonesia is rolling out the limited release of its new digital government platform INA Digital. In this first phase, INA…

 

Colorado legislators wrangle laws on facial recognition in schools, data protection

Regulatory winds are blowing from both directions in Colorado, where a moratorium on AI facial recognition cameras in schools is…

 

Ethiopia kicks off digital ID enrolment drive in Addis Ababa

A month-long digital ID enrollment campaign gets underway in the Ethiopian capital, Addis Ababa, today October 10 in a move…

 

mDL authentication and biometrics among new modules from Veridocs

Kentucky-based authentication and identity management software maker Veridocs has launched modules for mobile driver’s license authentication, biometrics, mobile device verification…

 

Moldova works on aligning digital ID regulation with eIDAS 2.0

Moldova is working on aligning its digital ID regulation with the European Union and its Digital Identity (EUDI) Wallet. The…

Comments

10 Replies to “Second OPM hack sees 1.1M fingerprint records stolen”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events