After a major hack attack earlier this year against the US government’s Office of Personnel Management, that body along with the Department of Defense have issued new findings following investigations into the security breach. And those findings are not good: The agencies have now disclosed that the fingerprint data of about 5.6 million individuals was compromised in the attack.
That’s a huge increase over the OPM’s previous estimate that about 1.1 million fingerprints had been stolen, though the total number of affected individuals remains at 21.5 million. In a statement, the OPM asserted that federal experts currently believe that “the ability to misuse fingerprint data is limited,” but also noted that “this probability could change over time.”
The OPM went on to explain that it is currently contacting affected individuals, and said, “If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”
At a time when the US government is increasing its use of biometric identification, this incident could prove to have a chilling effect among the population, as has been seen after major data breaches elsewhere in the world. On the other hand, it could also highlight the need for multimodal security models, in which having just the fingerprints of an individual is of little value. Whatever the ultimate consequences of the attack, at the very least it highlights the need for powerful security in the digital age.
September 24, 2015 – by Alex Perala