OPM stolen data includes 5.6 Million Fingerprints

According to the a statement by OPM Press Secretary Sam Schumach on Background Investigations Incident OPM breach included 5.6 Million Fingerprints.

The press secretary of the Office of Personnel Management, Sam Schumach, announced that the data breach suffered by the OPM exposed approximately 5.6 million sets of fingerprints belonging to federal employees, contractors, and other members of the staff.

In a first time, the number of sets of fingerprints that was stolen has been estimated at 1.1 million, but a new investigation presented a worst scenario. Be aware, the discovery of the overall amount of stolen data doesn’t not increase the number of people affected by the OPM data breach that is 21.5 million.

“During that process, OPM and DoD identified archived records containing additional fingerprint data not previously analyzed.  Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.” states the official statement issued by the OPM.

“This does not increase the overall estimate of 21.5 million individuals impacted by the incident.  An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.”

Fortunately, in this moment the likelihood to misuse stolen fingerprint is very low, as reported in the statement:

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited.  However, this probability could change over time as technology evolves.  Therefore, an interagency working group with expertise in this area – including the FBI, DHS, DOD, and other members of the Intelligence Community – will review the potential ways adversaries could misuse fingerprint data now and in the future.” states the announcement.

The fingerprint data stolen by hackers were collected as part of the OPM’s background investigations at all levels of sensitivity.

According to ArsTechnica, leaked statements from the Obama administration confirm the involvement of Chinese state-sponsored hackers in the OPM hack.

Pierluigi Paganini

(Security Affairs – OPM, fingerprints)