Subscribe

OPM hackers stole 5.6 million fingerprints. Now what?

The federal Office of Personnel Management said on Wednesday that 5.6 million fingerprint files, not 1.1 million, had been stolen in the massive data breach over the summer. OPM and other agencies are working to determine how those stolen fingerprints could be misused.

  • close
    The Office of Personnel Management revised the number of fingerprint data files stolen in a hack from 1.1 million to 5.6 million. Here, a migrant's fingerprints are recorded at the border between Serbia and Hungary on September 18, 2015.
    Tibor Rosta/AP
    View Caption
  • About video ads
    View Caption
of

Back in April, federal authorities realized that the computer systems of the federal Office of Personnel Management (OPM) were being attacked, and that hackers had stolen Social Security numbers, health information, and other data on more than 21 million current and former government workers and contractors. Among the data stolen were fingerprint files stored in the system – more than 5.6 million of them, according to a statement released on Wednesday by OPM. The agency had originally estimated the number of stolen fingerprint files at just 1.1 million.

OPM says it’s working with the FBI, the Department of Homeland Security, the Department of Defense, and other agencies to try to predict how attackers could use the stolen fingerprints, and to develop ways to mitigate the harm that might come to those whose data was stolen. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” OPM Press Secretary Sam Schumach wrote in the statement. “However, this probability could change over time as technology evolves.”

As more and more devices, from smartphones to laptops, ship with fingerprint readers included, the potential for misuse of stolen fingerprints grows. Attackers could couple fingerprint data with usernames and passwords to gain access to sensitive systems, or to identify government workers when they travel abroad. And while biometric security measures such as fingerprint and retina scans are in many ways more secure than old-fashioned passwords, they can never be reset if they’re stolen. 

Recommended: 40 iPhone tips and tricks everyone should know

The hack suggests that large-scale intrusion-detection measures aren’t keeping pace with increasingly sophisticated attacks against government computer systems. The Department of Homeland Security’s multibillion-dollar “Einstein” system, which has been in place in some form since 2004, analyzes network traffic to detect hacks as they’re happening – but the tactics employed in the OPM breach looked more or less like everyday network traffic, and weren’t caught until officials analyzed the data more closely after a different attack. In November 2014 the OPM Inspector General reported that the agency’s security practices amounted to a “significant deficiency,” and that eleven major systems were a “material weakness” because of how they were set up.

The White House has ordered OPM and other agencies to increase their cybersecurity measures by patching vulnerabilities, upgrading their software, and enabling multi-factor authentication for sensitive systems. President Obama said he plans to discuss cybersecurity issues with Chinese President Xi Jinping during his US visit this week.

Earlier in the summer anonymous federal officials said Chinese hackers were responsible for the breach, but China denied the charges and the US never formally blamed the country for the hack. OPM initially reported that data had been stolen on 4.2 million government workers and contractors (and their spouses and family members), but later revised the figure up to 21.5 million people.

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK