
OPM Hack Update: Data on 5.6 Million Fingerprints Stolen


…and guess who’s coming to dinner at the White House…

Back in July, the federal government let it slip that they had evidence that China was responsible for compromising the records of nearly 22 million federal employees. It was one of the largest thefts of government data ever recorded, and exposed gaping holes in the security protocols protecting sensitive information. The wake of the breach was plagued by resignations and recriminations, and new protocols were pitched, but these “solutions” left those affected feeling completely out in the cold.

Unfortunately for those people, things just got a lot worse. OPM revealed today that they believe hackers stole the fingerprints of 5.6 million federal employees and applicants—a far cry from the 1.1 million that OPM originally reported.

Of note: this news was released just as the Pope arrived at the White House, which was a terribly convenient happenstance.

More from the NY Times:

Before Wednesday, the agency had said that it lost only 1.1 million sets of fingerprints among the more than 22 million individuals whose records were compromised.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the agency said in a written statement that came out just as Washington was focused on the arrival of Pope Francis on the South Lawn of the White House. But clearly, the uses are growing as biometrics are used more frequently to assure identity in secure government facilities and even on personal iPhones.

The agency said that an “interagency working group,” with help from the F.B.I., the Department of Homeland Security and intelligence agencies, would “review the potential ways adversaries could misuse fingerprint data now and in the future.”

One of the biggest concerns about the breach of personnel records has been that China, or any other nations given access to the data, could use it to identify intelligence agents, defense personnel or government contractors. Other data on the forms that were obtained, about matters as varied as bankruptcies and personal and sexual relationships, could be used for blackmail.

Fortunately, federal officials have not yet found evidence that the breach led to additional financial theft or other crimes; there’s just that pesky security risk to worry about.

Officials cited security concerns when they refused to officially blame China for the attack, but the White House has said that President Obama will use this week’s state visit by Chinese President Xi Jinping as an opportunity to address the problem.

Via Reuters:

President Barack Obama has said cybersecurity will be a major focus of his talks with Xi at the White House on Friday. The United States has told China that industrial espionage in cyberspace by its government or proxies is “an act of aggression that has to stop,” Obama said recently.

U.S. officials have said no evidence has surfaced yet suggesting the stolen data has been abused, though they fear the theft could present counterintelligence problems.

White House spokesman Josh Earnest said on Wednesday the investigation into the data breach, which affected the records of some 21.5 million federal workers, was continuing and he did not “have any conclusions to share publicly about who may or may not have been responsible.”

He indicated the OPM announcement was not related to Xi’s visit but instead came about because officials at OPM had met with members of Congress and told them about the fingerprints and so needed to release the information to the public as well.

Well, just as long as they’re aware.

Follow Amy on Twitter @ThatAmyMiller


Comments

“Government is what we choose to do together”.

“We are in the best of hands”.

“We have top men working on it. Top. Men.”

And you can’t EVER have my medical records, you Collectivist morons!

This is one more thing that will become part of Obama’s legacy. Move over Jimmy Carter.

Can I sue the gov’t if mine is included? How are they not responsible?

    buckeyeminuteman in reply to legalizehazing. | September 24, 2015 at 1:46 pm

    The DOD has all my medical records, personal information and fingerprints, as they do all other current and prior military members. Maybe we should call one of those ambulance-chaser lawyers. You know, those guys at 1-800-BAD-DRUG.

“The United States has told China that industrial espionage in cyberspace by its government or proxies is ‘an act of aggression that has to stop,’ Obama said recently.

“Obama added, ‘And if they don’t stop, they will surely learn why I’m known as President Stompyfeet around here! I didn’t earn that title for nothing!'”

Connivin Caniff | September 24, 2015 at 7:59 am

So much for undercover FBI, DEA and CIA officers.

    Sammy Finkelman in reply to Connivin Caniff. | September 24, 2015 at 12:32 pm

    No, for that, they could use the security clearance and background checks they stole from the Office of Personnel Management.

    Any name that is not in the background check that should be in the background check files, or should be in a certain subset of those files, if what they are being told is true, is presumptively a made up false identity or false work history, created by the U.S. government.

    That creates a lot of problems for the use of any kind of official U.S. government cover.

    They also have some information useful for blackmail.

Sammy Finkelman | September 24, 2015 at 12:27 pm

I’m not sure what the Chinese government is going to do with these fingerprints – which are also only a small subset of all Americans.

Maybe somebody knows, but this looks like grabbing information for the sake of grabbing information.

It’s not like they expect to rule the United States.

It’s not like there are many Americans who go to China who conceal their identity – and do they take fingerprints, anyway??

They could use it, maybe, though, to defeat some systems where a fingerprint is needed to log in or enter, but usually if they are really secure, these systems will want some indication that it is live and not a picture.

Remind me of the total number of federal employees fired as a result of all these security breaches?