Back in July, the federal government let it slip that they had evidence that China was responsible for compromising the records of nearly 22 million federal employees. It was one of the largest thefts of government data ever recorded, and exposed gaping holes in the security protocols protecting sensitive information. The wake of the breach was plagued by resignations and recriminations, and new protocols were pitched, but these “solutions” left those affected feeling completely out in the cold.

Unfortunately for those people, things just got a lot worse. OPM revealed today that they believe hackers stole the fingerprints of 5.6 million federal employees and applicants—a far cry from the 1.1 million that OPM originally reported.

Of note: this news was released just as the Pope arrived at the White House, which was a terribly convenient happenstance.

More from the NY Times:

Before Wednesday, the agency had said that it lost only 1.1 million sets of fingerprints among the more than 22 million individuals whose records were compromised.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the agency said in a written statement that came out just as Washington was focused on the arrival of Pope Francis on the South Lawn of the White House. But clearly, the uses are growing as biometrics are used more frequently to assure identity in secure government facilities and even on personal iPhones.

The agency said that an “interagency working group,” with help from the F.B.I., the Department of Homeland Security and intelligence agencies, would “review the potential ways adversaries could misuse fingerprint data now and in the future.”

One of the biggest concerns about the breach of personnel records has been that China, or any other nations given access to the data, could use it to identify intelligence agents, defense personnel or government contractors. Other data on the forms that were obtained, about matters as varied as bankruptcies and personal and sexual relationships, could be used for blackmail.

Fortunately, federal officials have not yet found evidence that the breach led to additional financial theft or other crimes; there’s just that pesky security risk to worry about.

Officials cited security concerns when they refused to officially blame China for the attack, but the White House has said that President Obama will use this week’s state visit by Chinese President Xi Jinping as an opportunity to address the problem.

Via Reuters:

President Barack Obama has said cybersecurity will be a major focus of his talks with Xi at the White House on Friday. The United States has told China that industrial espionage in cyberspace by its government or proxies is “an act of aggression that has to stop,” Obama said recently.

U.S. officials have said no evidence has surfaced yet suggesting the stolen data has been abused, though they fear the theft could present counterintelligence problems.

White House spokesman Josh Earnest said on Wednesday the investigation into the data breach, which affected the records of some 21.5 million federal workers, was continuing and he did not “have any conclusions to share publicly about who may or may not have been responsible.”

He indicated the OPM announcement was not related to Xi’s visit but instead came about because officials at OPM had met with members of Congress and told them about the fingerprints and so needed to release the information to the public as well.

Well, just as long as they’re aware.

Follow Amy on Twitter @ThatAmyMiller

