“However, this probability could change over time as technology evolves”, OPM said in a statement. The White House has been coy about the significance of nearly 6 million stolen fingerprint records. But for intelligence operatives, the notion that the Chinese have their fingerprints is a nightmare. USA officials have privately blamed the breach on Chinese government hackers, but they have avoided saying so publicly.
Advertisement
There has been no evidence that the stolen data is being abused, with the agency downplaying any imminent danger due to the hacked fingerprint records as technology that can take advantage of the data is limited. Security industry executives eWEEK spoke with are concerned about the additional risk the loss of fingerprint information represents. Those threats could grow as the federal government incorporates more biometric authentication features into its security systems, Wired reports. The revelation about the extent of extracted fingerprint data is significant because these data can be used directly as means of stealing a person’s identify.
The stolen records included detailed biographical forms that federal employees must fill out to obtain security clearances, and they would have provided identifying information about friends and family in the US and overseas. That information is very useful, especially in the aggregate, to engage in future breaches against specific individuals’ credit and financial accounts, he added.
The FBI, Pentagon and Department of Homeland Security are all part of the task force assessing how losing fingerprint data might affect victims. Overall, the latest disclosure in the OPM breach investigation is unlikely to be the last update as more detail may still emerge, security experts said.
If the Chinese government did carry out the breach, it is not clear how exactly it intends to use the federal worker data.
“The internal virtual LANS and servers at OPM were substantially compromised and the forensics data has not helped OPM quickly enough”, said Wright.
Bloomberg reported in July, citing anonymous sources, that a hacker group from China was responsible for the security breaches at both OPM and health insurer Anthem.
Advertisement
Intelligence officers initially underestimated the significance of the cyber attack on OPM servers which now is considered to be the largest in the history of the United States. The U.S. government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident.
