The US government has admitted that a security data breach earlier in the year at the Office of Personnel Management (OPM) and the Department of Defense resulted in hackers obtaining a total of 5.6 million employee fingerprints.
The department had previously said that only 1.1 million fingerprints were compromised out of a total of 21.5 million federal workers.
In a statement, OPM said the additional 4.5 million stolen records were only uncovered after it had "identified archived records containing additional fingerprint data not previously analysed."
The data breach was first detected in April but was estimated to have begun at the end of 2014 and affected security clearance records dating back many years.
On Wednesday, White House spokesman Josh Earnest said the investigation into the data breach was still continuing and he did not "have any conclusions to share publicly about who may or may not have been responsible."
However, US officials have privately blamed the breach on Chinese government hackers, although they have avoided saying so publicly, as Chinese President Xi Jinping is currently on a formal state visit to Washington.
President Barack Obama has said cybersecurity will be a major focus of his talks with Xi at the White House on Friday and described industrial espionage in cyberspace by the Chinese government as "an act of aggression that has to stop."
OPM has downplayed the danger posed by the stolen fingerprint records, saying the ability to misuse the data is currently limited. However, it acknowledged the threat could increase over time as technology evolves.
"An interagency working group with expertise in this area... will review the potential ways adversaries could misuse fingerprint data now and in the future," it said.
The individuals affected by the breach have not yet been notified. The OPM statement said the personnel office and Defense Department were working together to begin mailing notifications to those affected.
Senator Ben Sasse, a Nebraska Republican who has accused the administration of failing to take cybersecurity seriously, said the OPM announcement was further evidence that officials viewed the data breach as "a PR crisis instead of a national security threat."
In January, Obama proposed a bill aimed at strengthening cybersecurity laws. Progress has been slow, as it has still not been considered or voted upon by the full Senate.