A total of 5.6 million fingerprint records were stolen during the data breach of the US Office of Personnel Management (OPM), significantly more than the 1.1 million initially predicted by the agency.
The July cyber attack on the OPM, which has since been blamed on hackers working out of China, resulted in the loss of over 21.5 million federal records.
These included names, addresses, sensitive financial information and Social Security Numbers (SSNs) of federal employees, OPM staff and contractors both past and present.
However, after further investigation, the OPM and the Department of Defense have admitted the attack was worse than previously reported, with almost five time as many fingerprint records stolen than first thought.
“Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million,” admitted the OPM.
The investigators said the ability to exploit fingerprint data “is limited”, but admitted “this probability could change over time as technology evolves".
As a result of this risk, an expert team is being assembled - comprising personnel from the FBI, Department of Defense and Homeland Security – to review potential ways hackers or foreign intelligence agencies could misuse fingerprint data in the future.
“This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” reads the OPM statement.
The US government is offering anyone impacted by the hack identity and fraud protection services free of charge, while the investigation team continues to analyse the mass of data to determine exactly what was stolen.
The news comes at a time when the US and China are attempting to negotiate a so-called cyber peace deal just as Chinese president Xi Jinping begins his first state visit to the country.
During a briefing with the military in Washington, Obama said cyber attacks will now be treated as a “core national security threat”.
Users are told that their non-existent 'iPhoneID' is expiring soon
Expansion of SDK intended to expand Amazon Alexa ecosystem
Locky returns from a prolonged rest with two new variants
AMD lambasted over Radeon RX Vega pricing that will add an extra £100 to RX Vega 56 and 64 graphics cards
Company accused of failing to tell anyone that the launch prices were only introductory offers