In a September 23, 2015 statement OPM Press Secretary, Sam Schumach, confirmed that the number of individuals whose fingerprints were stolen increased from 1.1 million to approximately 5.6 million, raising concerns that government agencies are simply not equipped to safeguard the copious amounts of personal and sensitive information.
In June and July, we shared with you the first breaking reports of the OPM hack and continued to follow the story closely as more information came to light revealing the severity of the breach. Initial estimates indicated that up to 4 million past and present government workers' information was compromised. That number quickly climbed to 21.5 million.
While these new reports do not increase the overall estimate of people who were impacted by the data breach and are now vulnerable to identity theft, each new set of revelations does narrow the chances that this theft was committed by fraudsters looking to cash in. More likely, it was a breach for counterintelligence.
In the official statement, OPM explained that it was reviewing investigation records when they identified additional fingerprint data that was exposed. ArsTechnica writes that the fingerprints were collected as part of OPM's background investigations—ranging from employees with low-risk positions to full field investigations for more sensitive positions. Based on leaked statements from the Obama administrations, many speculate that the fingerprint data is now in the hands of China's intelligence community.
OPM downplayed the gravity of the biometric breach by adding that, "Federal experts believe that, as of now, the ability to misuse fingerprint data is limited," but they admitted that, "this probability could change over time as technology evolves."
The theft of fingerprints is particularly troublesome, because unlike a password or a Social Security Number, fingerprints cannot be changed. Hackers now have access to irrevocable identifiers for U.S. federal employees. And even if the use of biometric data is limited now, you can be sure in the future it will become more commonplace. The Apple iPhone 6s is a perfect example of this—it now features a more sophisticated fingerprint reader for security measures. As this technology advances, biometric data may become more sought after.
Although, the thought that a foreign government may be behind this major breach or that biometric data may become yet another piece of personal information we must protect is distressing to say the least, what exactly does this mean for the average American?
Two warnings we can take away from this unfolding story are:
The use of new technological advances may make you more vulnerable. When Apple and then others first moved to develop and provide biometric pads for the everyday security of your cell phone, you probably thought this was the safest kind of password you could get. The thefts of these fingerprints show us that biometric security may not be as impregnable as we hoped.
It is more important than ever to protect our personal and financial information. This breach, like many others, shakes us to our cores and reminds us to be more vigilant. This breach is different however, because it was a government agency that was raided. We tend to think that the government has more security than corporate companies and even our own computers, but that's simply not the case. We cannot absolutely safeguard against cyber-attacks, but we can take steps to mitigate the negative effects of ID theft , which is why being cautious is so important.
A credit monitoring services can help you stay vigilant by keeping an eye on your credit files and alerting you to certain activity that may indicate fraud. With early detection you can freeze your credit, close accounts, and obtain new credit cards, quickly containing the damage.