FYI.

This story is over 5 years old.

News

US Admits Hackers Stole 5.6 Million Fingerprints in Massive Data Breach

The government originally reported that hackers stole 1.1 fingerprints after accessing Defense Department security clearance data earlier this spring.
Photo by Matthias Schrader/AP

The United States government confirmed that some 5.6 million fingerprint records were stolen during a mass hack of Defense Department security clearance data.

The Office of Personnel Management (OPM) originally reported that hackers stole 1.1 fingerprints, but updated their figures in a statement issued Wednesday.

OPM now estimates that a total of 21.5 million people had their Social Security identification numbers and other sensitive information stolen in the hacking incident earlier this spring. The discovery of additional missing fingerprints did not affect that overall total, it said.

Advertisement

US officials have privately blamed the breach on Chinese government hackers, but they have avoided saying so publicly. Officials also have said no evidence has surfaced yet suggesting the stolen data has been abused, though they fear the theft could present counterintelligence problems.

OPM downplayed the danger of stolen fingerprint records, saying the ability to misuse the data is currently limited. But it acknowledged the threat could increase over time as technology evolves.

"Therefore, an interagency working group with expertise in this area… will review the potential ways adversaries could misuse fingerprint data now and in the future," it said.

Related: Hacks Bring Down US Background Check System — But the Worst Is Yet to Come

The group includes members of the Intelligence Community, as well as the FBI, Department of Homeland Security, and the Pentagon.

"If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach," OPM said.

The Defense Department and OPM are working together to begin mailing notifications to the people whose information was stolen, the OPM statement said.

Reuters contributed to this report