Hackers Stole Records of 5.6 Million Employees’ Fingerprints from OPM Breach

The Office of Personnel Management (OPM) originally claimed that 1.1 million fingerprints were stolen from a massive data breach that affected 21.5 million federal employees. After investigating the breach further, the number of stolen fingerprints has increased to 5.6 million.

OPM, the U.S. Government’s HR agency has revealed in a new statement that stolen fingerprints records of contractors, job applicants and millions of current and former federal workers have gone up from 1.1 million to about 5.6 million, negating initial estimates, reports Bloomberg.

The revelation of the stolen fingerprints, a subset of the larger breach that has compromised personal information and details including Social Security Numbers of nearly 21.5 million employees is significant, due to the frequent implementation of fingerprint security.

A Breach That Just Keeps Getting Worse

Millions of federal data breach victims who are still in the dark with insight about the impact of the breach can now expect the details to be worse than initially imagined.

When the OPM breach was initially reported, the estimated victims of the breach were around 4 million federal employees. It was within weeks when the OPM admitted that nearly 22 million federal employee personnel records and security records had been breached. After further investigation, the OPM has now revealed that up to 5.6 million fingerprint records have also been stolen, affecting more of the same 21.5 million federal employees.

“As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness,” began the statement from the OPM in a press release.

“During that process, OPM and DoD identified archived records containing additional fingerprint data not previously analyzed.

“Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.  ”

U.S. officials and security researchers believe that Chinese hackers are behind the massive data breach that struck the government agency, and it can prove to be a sensitive topic if bought up during Chinese President Xi Jinping’s first state visit that’s currently underway.

The digital forensics investigation that followed also revealed that the overall estimate of 21.5 million victims has not increased.

Crucially, OPM, in a statement via its spokesman Samuel Schumach believes that, as things stand, malicious attackers’ ability to misuse fingerprint data is currently limited.

“However, this probability could change over time as technology evolves,” confirmed the spokesman.