A total of 5.6 million fingerprint records were stolen during the data breach of the US Office of Personnel Management (OPM), significantly more than the 1.1 million initially predicted by the agency.
The July cyber attack on the OPM, which has since been blamed on hackers working out of China, resulted in the loss of over 21.5 million federal records.
These included names, addresses, sensitive financial information and Social Security Numbers (SSNs) of federal employees, OPM staff and contractors both past and present.
However, after further investigation, the OPM and the Department of Defense have admitted the attack was worse than previously reported, with almost five time as many fingerprint records stolen than first thought.
“Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million,” admitted the OPM.
The investigators said the ability to exploit fingerprint data “is limited”, but admitted “this probability could change over time as technology evolves".
As a result of this risk, an expert team is being assembled - comprising personnel from the FBI, Department of Defense and Homeland Security – to review potential ways hackers or foreign intelligence agencies could misuse fingerprint data in the future.
“This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” reads the OPM statement.
The US government is offering anyone impacted by the hack identity and fraud protection services free of charge, while the investigation team continues to analyse the mass of data to determine exactly what was stolen.
The news comes at a time when the US and China are attempting to negotiate a so-called cyber peace deal just as Chinese president Xi Jinping begins his first state visit to the country.
During a briefing with the military in Washington, Obama said cyber attacks will now be treated as a “core national security threat”.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches