Canadian Underwriter
News

Number of fingerprints stolen in massive U.S. data breach increases by 4.5 million; misuse expected to be limited


September 24, 2015   by Canadian Underwriter


Print this page Share

The Office of Personnel Management (OPM) in the United States – the human resources department for the federal government that suffered a massive data breach affecting about 21.5 million people in June – said on Wednesday that the number of individuals whose fingerprints have been stolen has increased by 4.5 million.

The subset of individuals whose fingerprints have been stolen has increased from about 1.1 million to about 5.6 million

As part of the federal government’s ongoing work to notify individuals affected by the theft of background investigation records, the OPM and the Department of Defense (DoD) have been analyzing impacted data to verify its quality and completeness. During that process, OPM and the DoD identified archived records containing additional fingerprint data not previously analyzed, OPM press secretary Sam Schumach said in a statement.

Related: U.S. senators introduce cybersecurity bill to boost Department of Homeland Security’s authority

Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were affected by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million, Schumach said in the statement. While the new discovery does not increase the overall estimate of 21.5 million individuals affected by the incident, an interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” Schumach said, however, “this probability could change over time as technology evolves.”

Related: US personnel chief Katherine Archuleta resigns after more than 21 million affected by hack

An interagency working group with expertise in this area – including the Federal Bureau of Investigation, Department of Homeland Security, DoD and other members of the intelligence community – will review the “potential ways adversaries could misuse fingerprint data now and in the future,” the statement said. This group will also seek to develop potential ways to prevent such misuse and if, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.

Related: Massive data breach could affect every federal agency; China based hackers suspected

The OPM noted that all individuals impacted by this intrusion and their minor dependent children (as of July 1, 2015) are eligible for identify theft and fraud protection services, at no cost to them. In conjunction with the DoD, OPM will begin mailing notifications to affected individuals, with these notifications will proceed on a rolling basis.

The breach actually dates back to April, when OPM said that it discovered that personnel data of 4.2 million current and former federal government employees had been stolen. While investigating the incident in early June, OPM found that additional information had been compromised, including background investigation records of current, former and prospective federal employees and contractors.


Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *

*