What was once estimated to be 1.1 million fingerprints stolen in an extended breach on the Office of Personnel Management (OPM) last year, has grown to 5.6 million. This is in addition to the approximately 21.5 million government employees and contractors whose personal information was compromised.
The growing stash of information taken has thus far included these fingerprints, ‘sensitive’ information, and social security numbers. The SF86 form was a likely target of information, as it is a required document for all applicants in the security clearance process. Applicants share their personal background information — including family information, residences, drug backgrounds, bank records, job assignments and more — in the extensive questionnaire.
The release of this updated figure appears to be the product of an ongoing investigation into exactly what was lost. OPM released a statement that says that “an interagency working group with expertise in this area — including the FBI, DHS, DOD, and other members of the Intelligence Community — will review the potential ways adversaries could misuse fingerprint data now and in the future.”
The statement adds that “An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.”
Critics are notably concerned by the severity of the information lost in the breach, and are also looking at the gradual release of information regarding what was lost and who was affected. This latest update, according to the OPM, “does not increase the overall estimate of 21.5 million individuals impacted by the incident.”
OPM has tried to assuage the outrage by stating that those affected by the breach will be eligible for identity theft and fraud protection services at no cost. Additionally, the office has said that “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” Hopefully those aren’t the same experts that were supposed to protect this information in the first place. Cybersecurity experts have pointed at how the OPM had knowledge that their systems were vulnerable, but did nothing to secure them. China has been implicated in the breach and it is interesting that this revelation has come ahead of Chinese President Xi Jinping’s visit to Washington D.C. with President Obama. Cybersecurity issues are reportedly part of the scope of discussion on the agenda.