Hackers stole 5.6 million US fingerprints – more than estimated

Daily News Article   —   Posted on September 29, 2015

NOTE: The U.S. Office of Personnel Management (OPM) is an independent agency of the United States government that manages the civil service of the federal government.

(by Jose Pagliery, CNN) — On Wednesday, the U.S. Office of Personnel Management (OPM) said hackers stole 5.6 million fingerprints it had on file. That’s significantly higher than the agency’s original estimate of 1.1 million fingerprints.

This is extremely sensitive information that poses an immediate danger to American spies and undercover law enforcement agents.

As an OPM spokesman told CNNMoney in July: “It’s across federal agencies. It’s everybody.”

Hackers now have a gigantic database of American government employee fingerprints, which can be used to confirm the true identities of those employees.

Anyone with these records could check to see if a diplomat at a U.S. embassy is secretly an employee of an American intelligence agency. That person could then be targeted for arrest or assassination.

That’s particularly alarming, given that U.S. Intelligence Director James Clapper says China is the number one suspect behind the hack.

China and the United States are major trade partners and — for the most part — allies. But the world’s two superpowers are also butting heads.

America is solidifying its influence in southeastern Asia, even as China — on the rise both politically and economically — is expanding its influence in Africa, South America and the Pacific.

In a statement Wednesday, the personnel agency said experts from the Department of Homeland Security, FBI, spy agencies and the U.S. military are meeting to figure out “potential ways adversaries could misuse fingerprint data now and in the future.”

One former CIA officer told CNNMoney he worries that details of his secret past are now in the hands of the Chinese government.

To a lesser extent, there’s also a concern that 5.6 million people can no longer rely on their fingerprints as a security mechanism. This is a problem, given that smartphones and buildings are increasingly using biometric scanners to grant access.

OPM said that “the ability to misuse fingerprint data is limited. However, this probability could change over time as technology evolves.”

Hackers stole federal personnel data on 21.5 million people, including federal employees, contractors, and in some cases their friends and family (because of background checks). That includes Social Security numbers.

But cybersecurity experts say the fingerprints could be one of the worst aspects of the theft. If the hack was indeed committed by foreign government spies, this information isn’t likely to end up on the black market for identity thieves.

Its purpose is to better spy on America — by blackmailing individuals or outing their true identities.

Reprinted here for educational purposes only. May not be reproduced on other websites without permission from CNN Money. For the original article, visit the CNN Money website.



Background

  • OPM said hackers were able to steal the fingerprints of 5.6 million people, up from the 1.1 million estimate it offered more than a month ago. More than 20 million people lost their records as part of the breach, and OPM’s new estimate means that roughly one-quarter of all those affected lost fingerprint data, in addition to information about their health, financial history and families.
  • The fingerprint records were collected as part of background checks conducted since at least 2000 for some of the most sensitive government posts, including law enforcement, military, foreign service and judicial positions.
  • Security analysts have said the loss of fingerprint records could be a nightmare for some U.S. officials, particularly intelligence and military officers who are used to operating covertly and try to avoid leaving any trace of their actions.
  • The cyberattack at OPM was one of the largest government breaches in U.S. history.
  • The U.S. government has offered limited identity-theft protection to the more than 21.5 million people whose records were stolen as part of the OPM breach.
  • The theft and the government’s uneven response sparked criticism from Republicans and Democrats that more should have been done to protect the records. The outcry became so severe - particularly as word spread that the breach was much worse than expected - that OPM’s director, Katherine Archuleta, resigned in July.
  • The agency is now led by acting director Beth Cobert.  (from a Sept. 23 WSJ report)