The Office of Personnel Management and the Department of Defense are analyzing a data breach which has resulted in stealing of around 5.6 million fingerprint records of federal workers. Initial reports put the number at 4.5 million, however the latest report released on Wednesday 23rd September suggests that the number is as high as 5.6 million.
WIRED contacted the OPM asking for details of which of fed employees’ fingerprints were stolen; but they still haven’t received any response. The hack was discovered a few months ago and the data pertains to security clearances for past several years. Although there has been no official statement about who the hackers could be, privately it has been acknowledged by the US government officials that the act was perpetrated by either Chinese hackers or hackers backed by the Chinese government.
Chinese President Xi Jinping is in the United States and is scheduled to meet US President Barack Obama. Obama has recently stated that cyber threats posed by Chinese governments or the hackers backed by it is “an act of aggression that has to stop.” President Obama’s meeting with President Jinping will include addressing the issue of cyber security.
On Wednesday Josh Earnest the White House Spokesperson said that the investigations are still underway and currently the investigators do not “have any conclusions to share publically about who may or may not have been responsible.” The figure of 5.6 million could also be inconclusive as the attack could have affected over 21.5 million fed employees as stated earlier by OPM. OPM had confirmed that the victims of the attack were military and intelligence employees who had security clearances and the attack had its origin in China.
OPM said in a statement on its website, “During that process, OPM and [the Department of Defense] identified archived records containing additional fingerprint data not previously analyzed. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.”
OPM will be dispatching letters to all the victims and has offered them free credit monitoring. OPM also stated that the stolen data is not a major threat since the misuse of it is highly unlikely due to various limitations. It further said that “An interagency working group with expertise in this area … will review the potential ways adversaries could misuse fingerprint data now and in the future”.
The OPM statement further added that if new technology is developed in future to misuse the stolen fingerprints, more information will be provided to the fed employees whose fingerprints have been stolen.