It isn’t often that the federal government admits fault, but when it does, chances are it’s a big deal. According to the Office of Personnel Management (OPM), approximately 5.6 million fingerprint records on file were compromised by a major data breach. OPM originally reported that only 1.1 million fingerprints had been stolen, but a new statement refreshes the number to read more accurately.
While federal officials have yet to name who is suspect for committing the crime against the U.S., speculation is leaning toward the Chinese government. The major worry on the government’s mind is that there may be counterintelligence issues putting American cybersecurity at risk of future breaches.
Stolen fingerprint data doesn’t necessarily indicate that millions of American lives are in jeopardy, due to lack of options to misuse the records. However, as the mystery of what actually occurred continues to grow, OPM acknowledges that the situation may become direr as technology advances at an unprecedented rate:
“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM said. “Therefore, an interagency working group with expertise in this area… will review the potential ways adversaries could misuse fingerprint data now and in the future.”
Although matters appear to be somewhat under control, privacy experts are concerned about the permanence of the stolen records. Typically when a data breach occurs, it’s just of usernames, passwords and other temporary data that may change with time. Fingerprints, however, cannot be changed, so those impacted by the OPM data breach could see future problems in the years to come.
“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”
OPM continues to play damage control as OPM spokesman Sam Schumach claimed that the enormous jump from 1.1 million to 5.6 million was simply due to new data being identified over the course of the past several days.
“Yesterday, we began informing members of Congress, as well as the OPM Inspector General, of these newly identified archived records, and disclosed that this would change the fingerprint number previously reported,” Schumach said in an emailed statement to Washington Post.