|
 5.6
million fingerprints stolen in U.S. personnel data hack: government
Send a link to a friend
[September 24, 2015]
By David Alexander
WASHINGTON (Reuters) - Hackers who stole
security clearance data on millions of Defense Department and other U.S.
government employees got away with about 5.6 million fingerprint
records, some 4.5 million more than initially reported, the government
said on Wednesday.
|
|
 The additional stolen fingerprint records were identified as part
of an ongoing analysis of the data breach by the Office of Personnel
Management and the Department of Defense, OPM said in a statement.
The data breach was discovered this spring and affected security
clearance records dating back many years.
The news came just ahead of a state visit to Washington by Chinese
President Xi Jinping. U.S. officials have privately blamed the
breach on Chinese government hackers, but they have avoided saying
so publicly.
President Barack Obama has said cybersecurity will be a major focus
of his talks with Xi at the White House on Friday. The United States
has told China that industrial espionage in cyberspace by its
government or proxies is "an act of aggression that has to stop,"
Obama said recently.
U.S. officials have said no evidence has surfaced yet suggesting the
stolen data has been abused, though they fear the theft could
present counterintelligence problems.
 White House spokesman Josh Earnest said on Wednesday the
investigation into the data breach, which affected the records of
some 21.5 million federal workers, was continuing and he did not
"have any conclusions to share publicly about who may or may not
have been responsible."
He indicated the OPM announcement was not related to Xi's visit but
instead came about because officials at OPM had met with members of
Congress and told them about the fingerprints and so needed to
release the information to the public as well.
Officials from OPM and the Defense Department only recently
discovered that the additional fingerprints had been stolen as they
continued to assess the data breach, OPM said in a statement.
During that process, officials "identified archived records
containing additional fingerprint data not previously analyzed," the
OPM statement said. As a result, the estimated number of people who
had fingerprint records stolen rose to 5.6 million from the 1.1
million initially reported, it said.
OPM said the total number of people affected by the breach was still
believed to be 21.5 million.
[to top of second column] |
The agency downplayed the danger posed by stolen fingerprint
records, saying the ability to misuse the data is currently limited.
But it acknowledged the threat could increase over time as
technology evolves.
"An interagency working group with expertise in this area ... will
review the potential ways adversaries could misuse fingerprint data
now and in the future," it said.
The group includes members of the intelligence community as well as
the FBI, Department of Homeland Security and the Pentagon.
"If, in the future, new means are developed to misuse the
fingerprint data, the government will provide additional information
to individuals whose fingerprints may have been stolen in this
breach," OPM said.
Senator Ben Sasse, a Nebraska Republican who has accused the
administration of failing to take cybersecurity seriously, said the
OPM announcement was further evidence that officials viewed the data
breach as "a PR (public relations) crisis instead of a national
security threat."
The individuals affected by the breach have not yet been notified.
The OPM statement said the personnel office and Defense Department
were working together to begin mailing notifications to those
affected.
(Additional reporting by Jeff Mason and Mark Hosenball; Editing by
Susan Heavey and Andrew Hay)
[© 2015 Thomson Reuters. All rights
reserved.]
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
