In July the first report of the OPM hack estimated that 1.1 million fingerprint records were taken as part of a major cyber breach at the Office of Personal Management (OPM) affecting 21.5 million past and present government employees. An investigation of OPM claims far more fingerprint records were actually stolen than was previously believed.

After closer review the Department of Defense and OPM discovered that a grand total of 5.6 million records where stolen.

Breaches that involve biometric data such as fingerprints are of great concern, as fingerprints cannot be changed. This type of breach could have very negative repercussions for many years to come.

Along with the release of the updated numbers OPM said that Federal intelligence officials are reviewing how the hackers could use the fingerprints and how to prevent their usage. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” said the release.

OPM officials now believe that the hackers have been in their system for almost a year and that they gained access through a contractors stolen login information in the first breach in May 2014. The second breach was discovered whilst investigating the first breach and it is believed to be the work of the same group.

Though U.S. officials point to China the White House has never made an accusation. The Director of National Intelligence, James Clapper suggests China is a “ leading suspect”. “You have to kind of salute the Chinese for what they did,” Clapper said. Even though China has denied any involvement in the cyber breach tensions are increasing over the situation.

NBC News reported that China accused the United States of making "groundless accusations" and being "irresponsible" in blaming Chinese hackers for a vast data breach that could be the biggest cyber-attack in U.S. history.

Obama said Friday on a visit to Fort Meade, Md.: “We’ve made very clear to the Chinese that there are certain practices that they’re engaging in that we know are emanating from China and are not acceptable. And we can choose to make this an area of competition — which I guarantee you we’ll win if we have to — or, alternatively, we can come to an agreement in which we say: ‘This isn’t helping anybody. Let’s instead try to have some basic rules of the road in terms of how we operate.’ ”

Source
Washington Post
NBC News


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA