Feds acknowledge more than 5M fingerprints stolen in breach, far more than thought

Cyber SecurityThe number of people whose fingerprints were stolen in a historic breach of federal files has skyrocketed — from just over 1 million to an estimated 5.6 million, according to the federal agency that was hacked.

The Office of Personnel Management acknowledged Wednesday that the number of fingerprints stolen is far greater than initially thought.

The information was part of an array of sensitive files, including Social Security numbers, swiped in a hack estimated to have affected 21.5 million people total — including people who applied for security clearances and their families.

In a statement, OPM said the agency, together with the Defense Department, discovered during their review that more fingerprints were taken.

“The subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million,” OPM said Wednesday. “This does not increase the overall estimate of 21.5 million individuals impacted by the incident. An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.”

OPM issued the statement just as Pope Francis was beginning his visit to Washington, and speaking at the White House. Republican Nebraska Sen. Ben Sasse suggested the administration was trying to slip in the development.

 “Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” he said in a statement. “The American people have no reason to believe that they’ve heard the full story and every reason to believe that Washington assumes they are too stupid or preoccupied to care about cyber security.”

The revelations also come as Chinese President Xi Jinping, whose country has been implicated by some in the breach but not formally blamed, prepares to visit Washington as part of his state visit.

President Obama has said that cybersecurity issues will be addressed during their meetings.

On Wednesday, OPM reiterated that anyone affected by the breach is eligible for identity theft and fraud protection services, “at no cost to them.”

OPM said “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” OPM acknowledged this could change “as technology evolves.”

“Therefore, an interagency working group with expertise in this area — including the FBI, DHS, DOD, and other members of the Intelligence Community — will review the potential ways adversaries could misuse fingerprint data now and in the future,” OPM said.

This is not the first time the government has acknowledged the breach was broader than initially thought.

In July, the administration disclosed that in addition to 4.2 million people whose records were stolen in an initial hack first revealed earlier this year, more than 21.5 million had their Social Security numbers and other sensitive information stolen in a second hack, believed to be the biggest in U.S. history.

Then-OPM head Katherine Archuleta resigned following the revelation.

The Associated Press contributed to this report.


Learn how to protect your LAN and WAN and important corporate information with Certified Ethical Hacking (CEH), Computer Forensics (CHFI), Security Analyst (ESCA), CISSP, and Cisco Security courses.  Cisco CCNA: Security starts soon followed by the Cisco CCNP: Security course.

CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America for the last 6 years combined.  CED Solutions is a CompTIA Partner, EC Council Partner, and many others and is one of the largest providers of training in North America.  The Atlanta facility provides IT training for up to 300 students per day, with separate buildings dedicated to training. CED Solutions provides training for thousands of students per year and students take up to 800 certification exams every two weeks.

Share this post