Feds acknowledge more than 5M fingerprints stolen in breach, far more than thought
The number of people whose fingerprints were stolen in a historic breach of federal files has skyrocketed — from just over 1 million to an estimated 5.6 million, according to the federal agency that was hacked.
The Office of Personnel Management acknowledged Wednesday that the number of fingerprints stolen is far greater than initially thought.
The information was part of an array of sensitive files, including Social Security numbers, swiped in a hack estimated to have affected 21.5 million people total — including people who applied for security clearances and their families.
In a statement, OPM said the agency, together with the Defense Department, discovered during their review that more fingerprints were taken.
“The subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million,” OPM said Wednesday. “This does not increase the overall estimate of 21.5 million individuals impacted by the incident. An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.”
OPM issued the statement just as Pope Francis was beginning his visit to Washington, and speaking at the White House. Republican Nebraska Sen. Ben Sasse suggested the administration was trying to slip in the development.
The revelations also come as Chinese President Xi Jinping, whose country has been implicated by some in the breach but not formally blamed, prepares to visit Washington as part of his state visit.
President Obama has said that cybersecurity issues will be addressed during their meetings.
On Wednesday, OPM reiterated that anyone affected by the breach is eligible for identity theft and fraud protection services, “at no cost to them.”
OPM said “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” OPM acknowledged this could change “as technology evolves.”
“Therefore, an interagency working group with expertise in this area — including the FBI, DHS, DOD, and other members of the Intelligence Community — will review the potential ways adversaries could misuse fingerprint data now and in the future,” OPM said.
This is not the first time the government has acknowledged the breach was broader than initially thought.
In July, the administration disclosed that in addition to 4.2 million people whose records were stolen in an initial hack first revealed earlier this year, more than 21.5 million had their Social Security numbers and other sensitive information stolen in a second hack, believed to be the biggest in U.S. history.
Then-OPM head Katherine Archuleta resigned following the revelation.
The Associated Press contributed to this report.
CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America for the last 6 years combined. CED Solutions is a CompTIA Partner, EC Council Partner, and many others and is one of the largest providers of training in North America. The Atlanta facility provides IT training for up to 300 students per day, with separate buildings dedicated to training. CED Solutions provides training for thousands of students per year and students take up to 800 certification exams every two weeks.
CED Solutions provides training and certification for MCSD: SharePoint 2013 Applications Developer; MCSE: SharePoint 2013; Cisco CCNA; Cisco CCNP; Cisco CCNA Security; Cisco CCNP Security; Cisco CCNA Voice; Cisco CCNP Voice; Microsoft MCSA: Windows 2012 Server; MCSA: Windows 2008 Server; MCSA: SQL 2012 Server; MCSE: Business Intelligence SQL 2012 Server; MCSE: Data Platform SQL 2012 Server; MCSE: Desktop Infrastructure Windows 2012 Server; MCSE: Server Infrastructure Windows 2012 Server; MCPD: 6 Cert Visual Studio Developer; MCSD: Windows Store Apps C#; MCSD: Windows Store Apps HTML5; IT Healthcare Technician and many more.