FB pixel

Chinese hackers compiling a “facebook” of breached data

Categories Industry Insights

This is a guest post by Ryan Wilk, director of customer success at NuData Security.

Data breaches have consequences. Breaches of government agencies have serious and far-reaching consequences. For instance, a recent news piece reported that China is compiling a sort of hackers’ Facebook of U.S. government employees based on data stolen from multiple breaches.

The extensive breach of the U.S. Office of Personnel Management saw the leak of over 20 million current and former employees’ most personal data, containing medical records, addresses, dates of birth, job and pay history, health and life insurance, pension details and even demographic data. Frightening, isn’t it?

News of the OPM breach continues to develop, including the most recent news that 5.6 million fingerprints were also stolen in the attack, five times more than previously stated. And unlike things such as Social Security numbers that can be replaced, fingerprints are the kind of biometric measure that can be stolen and can’t be replaced. All of this leaked data is in addition to data already taken, compromising a significant amount of personal information thanks to the use of the 127-page Standard Form 86, a.k.a. the SP-86, used when assessing candidates for National Security Positions.

Security experts have been warning that they’ve seen an increase in Chinese hacking attempts of sensitive sites like the OPM, in line with what NuData’s own investigations has also seen in the last three months. Taking information stolen from that hack and adding it to data stolen in breaches like the Anthem and Blue Cross hacks, China is able to build up a robust database of information for nefarious purposes, profiling individuals they could then either impersonate or influence. A source for Fox News referred to the combined pool of data as “a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to.”

There is concern that not only could this private directory of U.S. government employees be used to embarrass, coerce or even impersonate staff, but that the data could filter down and affect the children and families of those affected by the breach. The stolen fingerprints are also worrying, putting field operatives at risk of discovery. Even outside of government espionage, the information they are gathering has a financial component. The more complete these profiles are, the more damaging the potential fraud.

It is easy to understand why the stolen fingerprints are worrying — biometrics are usually hailed as the ultimate measure, but physical scans like a fingerprint or a retina scan can be replicated. Spoofing fingerprints is no longer something from a sci-fi movie. It is happening and will increase more as cheaper tools make their way onto the Dark Web.

Behavior-based biometrics, however, can’t. The way we hold a phone, how fast we type, even the way we navigate a website can all be measured and create an un-stealable, un-spoofable profile. Moving to a system with a behavioral cornerstone means that the kinds of hacks perpetrated by the Chinese become less valuable and less useful when trying to leverage other systems.

DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.

Article Topics

 |   |   |   | 

Latest Biometrics News


‘Facial recognition is the easy part’: digital travel ID pilot results are in

Air travel has been getting more complicated. From security and passport checks to special documents such as COVID-19 certificates, passengers…


Worldcoin expands to Ecuador, set to resume in Kenya and Portugal

Chalk up a win for Worldcoin in Kenya, where authorities have dropped their investigation into the iris biometrics and digital…


Corsight, Segdboa supply facial recognition to São Paulo military police

Corsight AI has partnered with Segdboa to provide the São Paulo Military Police with advanced facial recognition technology, with the…


Vote begins on biometric injection attack standard

Europe’s standard for biometric data injection attacks is on track to be published in October of this year, and could…


Idex, Zwipe each strike biometric access card deals

Norway-based Idex Biometrics‘ access control system has received an integration order for biometric access cards, while fellow Nordic developer Zwipe…


Indonesian ports automate with HID FRT to reduce wait times

A case study from HID breaks the deployment of its facial recognition technology (FRT) for automated border control by Indonesian…


One Reply to “Chinese hackers compiling a “facebook” of breached data”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events