One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people's fingerprints were stolen as part of the hacks.
That's more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same.
OPM and the Department of Defense were reviewing the theft of background investigation records when they identified additional fingerprint data that had been exposed, OPM said in a statement.
Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected by this breach may find themselves grappling with the fallout for years.
"The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. "I'm surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation."
Lawmakers, too, were upset about the latest revelation. "OPM keeps getting it wrong," said Rep. Jason Chaffetz, R-Utah. " I have zero confidence in OPM's competence and ability to manage this crisis."
As fingerprints increasingly replace passwords as a day-to-day security measure for unlocking your iPhone or even your home, security experts have grown concerned about how hackers might leverage them.
But federal experts believe the potential for "misuse" of the stolen fingerprints is currently limited, according to OPM, but that could "could change over time as technology evolves." It also said an interagency working group including experts from law enforcement and the intelligence community will review ways that the fingerprint data could be abused and try to develop ways to prevent that from happening.
"If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach," OPM said.
OPM says it is still in the process of notifying everyone caught up in the breach. But they will be offered free identity theft and fraud protection services, the agency said.
China is widely suspected of being behind the breaches, perhaps as part of move to build a massive database on Americans. But U.S. government officials have so far declined to publicly blame the nation for the cyberattacks. Chinese President Xi Jinping is currently visiting the U.S. and described China as a strong defender of cybersecurity and a victim of hacking itself during a speech in Seattle on Tuesday.
One lawmaker criticized OPM for releasing the data during the pope's visit to Washington: "Today's blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat," said Sen. Ben Sasse, R-Neb., in a statement.
The Washington Post
Thu Sep 24 2015
Office of Personnel Management said 5.6 million people's fingerprints were stolen as part of the massive cybersecurity breaches.
Dua warga AS antara yang ditemui maut di bilik hotel di Thailand
Jabatan Negara Amerika Syarikat ambil maklum mengenai laporan mengenai dua warganegaranya yang ditemui mati di sebuah hotel di Thailand.
EU tolak label UNRWA sebagai organisasi pengganas
Ketua Dasar Luar Kesatuan Eropah (EU), Josep Borrell mengulangi penolakan blok itu melabel Agensi Bantuan dan Kerja Bangsa-Bangsa Bersatu untuk Pelarian Palestin (UNRWA) sebagai organisasi pengganas.
Mengimbau sedekad tragedi MH17
Pesawat MH17 Malaysia Airlines ditembak jatuh di timur Ukraine sejurus berlepas dari Lapangan Terbang Schiphol di Amsterdam, mengorbankan kesemua 283 penumpang dan 15 anak kapal di dalamnya.
Tragedi yang berlaku pada 17 Julai 2014 itu, kini memasuki tahun ke-10 kejadiannya.
Tragedi yang berlaku pada 17 Julai 2014 itu, kini memasuki tahun ke-10 kejadiannya.
Kerajaan teliti kaedah baharu lantikan tetap, pastikan kewangan negara lebih mampan
Kerajaan sedang meneliti kaedah baharu lantikan tetap bagi memastikan pengurusan kewangan negara yang lebih mampan.
PDRM gerak unit skuba forensik, K9 cari telefon, rantai Nur Farah Kartini hari ini
Proses mencari bahan bukti akan dimulakan sekitar jam 9 pagi di kawasan parit berhampiran ladang kelapa sawit berkenaan.
Bangkai pesawat MH17 tanpa sayap imbau kekejaman tragedi menyayat hati
Keadaan serpihan pesawat MH17 Malaysia Airlines (MAS) yang cuba dibina semula tanpa sayap, tayar, ekor dan tempat duduk penumpang cukup menggerunkan sekali gus mengingatkan pada kekejaman yang meragut
VOP akan diselesaikan dalam tempoh sebulan - Ahmad
Pelaksanaan Syarat Perubahan Harga (VOP) susulan penyasaran subsidi diesel dijangka diselesaikan dalam tempoh sebulan lagi, kata Timbalan Menteri Kerja Raya Datuk Seri Ahmad Maslan.
Industri minyak sawit disaran guna semula sisa untuk bahan api penerbangan mampan - Liew
Industri minyak sawit perlu mengkaji penggunaan semula sisa sebagai stok suapan penting untuk bahan api penerbangan mampan (SAF), di luar penggunaan tradisional minyak sawit.
SDG: UTP lahir pelajar berkemahiran, tinggi tanggungjawab sosial
UTP berhasrat mendidik pelajar bukan sahaja untuk mahir dalam aspek teknikal tetapi juga untuk menjadi warganegara yang bertanggungjawab.
MAA semak semula unjuran jualan kenderaan 2024 kepada 765,000 unit
Persatuan Automotif Malaysia (MAA) telah menyemak semula unjuran jualan kenderaan bermotor baharu bagi 2024 kepada 765,000 unit daripada anggaran sebelumnya sebanyak 740,000 unit.