5.2 million scans of this form, complete with fingerprints, are now in the hands of foreign intelligence. But don't worry, because the feds say there are very few ways the data can be "misused." (credit: FBI)
The Office of Personnel Management's press secretary, Sam Schumach, announced this morning that the breach of OPM background investigation data included approximately 5.6 million sets of fingerprints from federal employees, contractors, and other subjects of federal background checks. The new number, tied to the discovery of additional archived data that was stolen over the period of the breach, more than quintuples the amount of individuals whose fingerprint data was stolen. OPM's previous estimate stood at 1.1 million. However, the new findings do not increase the overall number of people affected in the background investigation data breach from 21.5 million, Schumach said in an official statement.
Those fingerprints were collected as part of the OPM's background investigations at all levels of sensitivity—ranging from the "National Agency Check with Written Inquiries" (NACI) inquiries for federal employees with "moderate, low risk and non-sensitive positions" to the full field investigations required for more sensitive positions. Based on leaked statements from the Obama administration, the fingerprint data is now, at a minimum, in the hands of the foreign intelligence services of China. Just how that fingerprint data could be used, however, is not clear.
"Federal experts believe that, as of now, the ability to misuse fingerprint data is limited," Schumach said. "However, this probability could change over time as technology evolves. Therefore, an interagency working group with expertise in this area—including the FBI, DHS, DOD, and other members of the Intelligence Community—will review the potential ways adversaries could misuse fingerprint data now and in the future...[and] also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach."
Read on Ars Technica | Comments