Since it was announced in June that hackers had breached the U.S. Government’s Office of Personnel Management (OPM) database, the full breadth of the crippling cyberattack has gone from bad to worse. First, there was the revelation that the government’s initial claims that data had been stolen from just 4.4 million current and former government employees was a gross underestimate. In fact, the actual number was closer to 22 million affected employees, many of whom provided extremely personal information to the OPM—including social security numbers, birth dates, and statements on their sex lives, mental health history, and drug use—while applying for government jobs. As a result, OPM head Katherine Archuleta resigned the next day.
And now, it seems that even that dismal footnote was just the tip of the iceberg. Today, The Washington Post is reporting that the hackers, who are suspected to be Chinese, also stole the fingerprints of 5.6 million people, a significant jump from the 1.1 million victims of fingerprint theft previously reported. What’s more, as the Post points out, it’s a form of identification that cannot be easily erased.
“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” reads an OPM statement released today. “However, this probability could change over time as technology evolves. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”
At the core of this hack is the growing realization that the U.S. Government is especially vulnerable to cyberattacks, even with dozens of Silicon Valley stalwarts flooding the capital. Rather than implementing a government-wide security standard, agencies are often charged with securing their own databases, resulting in a patchwork of security protocols that range from airtight to rudimentary.
“OPM and an interagency team from the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have been investigating these incidents, and are working to put in place changes that will prevent similar thefts in the future,” reads a government-issued FAQ concerning the hack. “At this point, it is most likely that no new significant information about exfiltration will be found regarding these incidents.”