OPM Hack: 5.6 Million Fingerprints (Not 1.1 Million) Were Stolen

23 Sep 2015

Fingerprints from 5.6 million people were stolen in huge U.S. data breach.

It’s safe to say that the Office of Personnel Management data breach was already bad news for government workers, but things just got a bit worse. More than a quarter of the victims in a cyberattack on the federal government — which lost data belonging to 21 million people — also had their fingerprints stolen, a federal agency said Wednesday.

In a Wednesday press release, an OPM spokesman said the subset of individuals whose fingerprints have been stolen has increased from approximately 1.1 million to 5.6 million. That number, according to the agency, comes after OPM and the Defense Department identified archived records containing additional fingerprint data that were not previously analyzed. “An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals,” the release reads.

The breach is significant because fingerprints are increasingly being used by government agencies, corporations and consumers for access to computers, buildings and other devices. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” Samuel Schumach, a spokesman for OPM, which is the federal government’s jobs agency, said in a statement. “However, this probability could change over time as technology evolves.”

U.S. officials and private cybersecurity experts believe the OPM breach, which compromised data on 21.5 million individuals, was carried out by the Chinese government.

Officials are quick to note that this digit data won’t be as useful to the hackers as the other sensitive information leaked through the attack (fooling a fingerprint reader requires some skill). The people in the hacked database included current and former federal employees, as well as people who had applied for background checks and their relatives.

However, there’s a concern that the thieves could find a way to misuse those prints — and it’s not as if you can change your fingers once they’ve been compromised. Biometric data may well serve as an authentication means in addition to a password or other changeable access method, but it cannot succeed by itself in a world where such information is difficult or impossible to secure. The stolen information includes Social Security numbers; findings from background check interviews; information about past addresses, education and jobs; criminal and financial histories; and “some information regarding mental health.” Many reports have linked the attack to Chinese hackers.

The 21.5 million affected individuals include 19.7 million who applied for a background investigation and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants. Earlier this month, OPM and DOD awarded a contract to Portland, Oregon-based ID Experts for identity theft protection, identity monitoring, and data breach response and protection services in the hack’s wake.

Because people cannot (easily) change their fingerprints, iris patterns, gait or whatever, biometrics are far from the authentication cure-all that cheerleaders claim. The password has its problems, but it remains an indispensable part of strong authentication procedures, even if it requires some form of supplementation.
