The Office of Personnel Management said that fingerprints of about 5.6 million people were stolen in a security data breach that was announced this spring. This number is 4.5 million more than what was initially reported. OPM further said that its ongoing investigation and analysis with the Department of Defense into the matter has resulted in the finding of additional stolen fingerprint records. Security clearance records going back several years were affected.
In a statement, Press Secretary, Samuel Schumach, said that OPM has “been analyzing impacted data to verify its quality and completeness.” He further added, “During that process, OPM and DoD identified archived records containing additional fingerprint data not previously analyzed.” As reported by Breitbart News, OPM did not reveal why its initial finding did not account for the 4.5 million people. Abuse of stolen fingerprints is “limited,” OPM said.
Since fingerprints, in contrast to technology, do not change over time, OPM allows that “this probability could change over time.” Ways to limit the potential for fingerprint abuse are being strategized by the FBI, DHS and DOD. OPM said that it will be offering credit monitoring service to the people who have been affected by the hack.
Ramesh Kesanupalli, a biometrics expert, says that the data breach can be a huge setback for U.S. spies, as reported by CNN. “A secret agent’s name might be different. But they’ll know who you are because your fingerprint is there. You’ll be outed immediately,” he said.
In June, OPM reported that personnel records of 4.2 million people had been stolen in the data breach. Another attack, a larger one, was reported by the agency the following month – which targeted about 21.5 million people. Background checks for U.S. government security clearances, and social security numbers, health records and fingerprint records, were targeted as part of the second attack. According to MSNBC, a total of 22.1 million people were affected in the two attacks. The agency said in its release that federal intelligence officials were working on how the data can be misused, and how the scope of fraudulent activity can be limited.
“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the release said.
Also read: Federal Employee Data Hack Discovered Through Product Demo, Says Report; Union Discloses Info Breached By Chinese Hackers
The hackers entered the OPM network in May 2014 by using a contractor’s login information. While the first attack was discovered in April, officials say the hackers had been in the system since a year before. The second attack was discovered while the first one was being analyzed. The same hackers were responsible for both the attacks.
An official accusation was not made by the White House, but it did point its finger towards China. James Clapper, the Director of National Intelligence, called China a “leading suspect” during an intelligence conference in Washington. “You have to kind of salute the Chinese for what they did,” Clapper said. On the other hand, China dismissed the accusations of having any involvement in the data hack. According to NBC News, it said that American officials were “irresponsible” for accusing China.
OPM’s latest finding comes just ahead of Chinese President Xi Jinping’s visit to Washington. On the first night of his visit, he said that China is a “staunch defender” of cyber-security. “The Chinese government will not, in whatever form, engage in commercial thefts or support or encourage such attempts by anyone,” he said, further saying that China “is ready to set up a high-level, joint dialog mechanism with the United States on fighting cyber crimes.”
You might also be interested in: Russian Military Presence In Syria Strengthens, Satellite Photos Reveal