Now, it is the announcement Wednesday (Sept. 23) that the 1.1 million fingerprints stolen as part of the hacks was actually 5.6 million.
Advertisement
OPM said that this does not increase the overall estimate of 21.5 million individuals impacted by the incident.
Unnamed USA officials have told several media outlets that China is behind the cyberattack but the government has not officially made the claim.
Citing federal experts, the agency cautioned that the opportunities to abuse the captured data are now “limited,” but that this “could change over time as technology evolves.” And while biometric security measures such as fingerprint and retina scans are in many ways more secure than old-fashioned passwords, they can never be reset if they’re stolen.
Earlier this month, OPM and DOD awarded a contract to Portland, Oregon-based ID Experts for identity theft protection, identity monitoring, and data breach response and protection services in the hack’s wake.
This has potentially disastrous ramifications for the individuals affected, since there is no way to change fingerprints once they have been compromised, unlike other personal information stolen in the breach.
The Defense Department and OPM are working together to begin mailing notifications to the people whose information was stolen, the OPM statement said.
OPM is maintaining its estimate of total employees affected by the breach at 21.1 million. “I have zero confidence in OPM’s competence and ability to manage this crisis”, Chaffetz said in a release.
“The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data”, Schumach said.
Talks in Washington this week between President Barack Obama and his Chinese counterpart are expected to focus heavily on the theft of intellectual property from USA firms by Chinese hackers.
This year, the OPM found that its system was breached by hackers linked to China. Ben Sasse (R-Neb.) said in a statement. Acting OPM Director Beth Cobert has said her agency has so far not detected any use of the purloined data to carry out fraud.
Advertisement
The stolen records included detailed biographical forms that federal employees must fill out to obtain security clearances, and they would have provided identifying information about friends and family in the US and overseas.
