The attack that hit the US Office of Personnel Management (OPM), the body which handles staff records and security clearances, stole more fingerprint data than first thought.
The devastating hack was detected back in April, and US authorities are looking into a possible Chinese connexion, although China has denied it was behind the hack.
But now it seems that the hackers actually got away with about 5.6 million fingerprint records, 4.5 million more than initially reported. The discovery came during an ongoing analysis of the data breach.
“As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analysing impacted data to verify its quality and completeness,” said the OPM.
“During that process, OPM and DoD identified archived records containing additional fingerprint data not previously analysed,” it said. “Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million. This does not increase the overall estimate of 21.5 million individuals impacted by the incident.”
The fact that the hackers now have many more fingerprints at their disposal will no doubt be raising alarm bells internally. But publicly, the OPM is saying that the ability to misuse fingerprint data is limited (at the time being).
“As we have stated previously, all individuals impacted by this intrusion and their minor dependent children (as of July 1, 2015) are eligible for identify theft and fraud protection services, at no cost to them,” said the OPM. “In conjunction with the Department of Defense, OPM is working to begin mailing notifications to impacted individuals, and these notifications will proceed on a rolling basis.”
The fingerprint revelation comes at a time when the US is preparing for the state visit of Chinese President Xi Jinping. President Obama will raise the issue of Chinese hacking in talks with Xi at the White House later this week.
China has been repeatedly blamed in the past for a number of “state sponsored” attacks against US government departments and businesses. Attempts by both countries to tackle the scourge of cyber crime together stalled last year.
Matters were not helped when the US filed hacking charges against Chinese army personnel. In late May 2014, the US filed indictments against five members of Unit 61398 of the Chinese People’s Liberation Army (PLA).
Previous “state sponsored” attacks have hit healthcare provider Anthem; US Investigations Services (USIS), the largest provider of background investigations to the American government; as well as numerous defence contractors.
As a result, President Barack Obama, created a new sanctions scheme against hackers after he signed an executive order in April this year.
America has also warned that that the United States military has the right to retaliate with military force against a cyber-attack.
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…