Massive Chinese hack of U.S. personnel nabbed five times as many fingerprints as first believed

(Cyberwar.news) The Office of Personnel Management said earlier this week that 5.6 million people are now estimated to have had fingerprint information stolen in a massive hack that investigators suspect originated in China.

Initially, the OPM had estimated that figure at 1.1 million – still significant, but more than fives times below the revised estimate.

In addition, some 21.5 million current and former U.S. government employees have had their Social Security numbers and other sensitive information stolen in the hack, officials said.

According to the OPM, “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” But officials further acknowledged that, in the future, technologies could be developed to take better advantage of the stolen prints.

There are plans for an interagency working group consisting of the FBI, Department of Homeland Security and the Department of Defense, among others, to study the implications of the stolen fingerprint data, OPM officials said.

For more breaking news on U.S. cybersecurity policy, check out CyberAttack.news, powered by FETCH.news.

Have you “liked” Cyberwar.news on Facebook? Click here!

Privately, U.S. officials have blamed the massive cyber breach on Chinese government hackers, but so far the Obama Administration has not said so publicly. Beijing, meanwhile, has denied any involvement.

The OPM and other government officials have said that, thus far, there is no indication that the stolen information has been abused in any way. However, there are fears that theft of the data is liable to present counterintelligence issues.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology, told The Washington Post. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

Some lawmakers, too, were alarmed by the revised figure.

“OPM keeps getting it wrong,” said Rep. Jason Chaffetz (R-Utah). “I have zero confidence in OPM’s competence and ability to manage this crisis.”

“Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” added Sen. Ben Sasse (R-Neb.) in a statement.

As biometrics – like fingerprints – increasingly replace passwords as a means of protecting classified and sensitive data, intelligence officials are increasingly worried that the hacked prints could be deployed in some manner by adversaries to access U.S. systems without detection.

Keep up with all defense- and foreign policy-related news at NationalSecurity.news

“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM said.

Chinese President Xi Jinping is currently in the U.S. for an official state visit. It wasn’t clear if the subject of the OPM breach – and Chinese hacking of American systems in general – was to be part of President Obama’s agenda, but a number of analysts have said it’s likely to be, at least at some level.

As Cyberwar.news has reported, one GOP presidential contender, former Hewlitt Packard CEO Carly Fiorina, has called on the administration to make continued acts of cyber aggression “very painful for China.”

“We’ve known for over a decade the Chinese were coming after our most important systems,” she said during an Aug. 23 interview.

“We ought to make it very painful for the Chinese to be aggressive in cyber warfare.”

See also:

CNBC.com

WashingtonPost.com

CyberWar.news