“Good enough for government work,” might adequately describe the U.S. Office of Personnel Management’s approach to the June data breach that left more than 21.5 million workers’ records compromised. New information, though, shows that not even the OPM’s paltry initial response was up to snuff.
In a statement issued by the OPM on Wednesday (Sept. 23), the agency explained that of the 21.5 million digital records compromised by a team of hackers, 1.1 million were originally announced to have had copies of their fingerprints stolen. Now, however, the OPM has amended the number of impacted fingerprint files to about 5.6 million in total.
“Together with our interagency partners, OPM is committed to delivering high-quality identity protection services to impacted individuals,” the OPM wrote in a statement. “The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data.”
The theft of more than 5 million fingerprints poses an unusual problem for the OPM and all affected victims. Assuming that the hackers have surreptitious motives, there are relatively few means by which falsified fingerprint data can yield financial rewards. However, any exploit the hackers do find could prove costly, as consumers can’t simply swap fingerprints as they would with a stolen credit card or compromised bank account.
As some federal officials scramble over how to respond to the latest news, others are wondering how the OPM could have overlooked a fivefold increase in the number of stolen fingerprint records for all this time.
“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, told The Washington Post. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”
Whatever the final outcome, the OPM’s latest announcement, at the very least, casts doubt on the agency’s past claims on data security.
To check out what else is HOT in the world of payments, click here.