Thursday, November 26, 2020

5.6 million fingerprints stolen in U.S. personnel data hack, five times as many as previously thought

Must read

Vincent van Gogh was MURDERED, says forensic expert

The true nature of Vincent van Gogh’s death continues to be a topic ripe for mystery – after a leading forensics expert has claimed...

Presenting Fingerprint Comparisons in Court using Forensic Comparison Software

This video gives the fingerprint technician some ideas on how to present a Fingerprint Comparison result to the court that looks professional. To accomplish this...

20 Things You Didn’t Know About… Blood

1. Karl Landsteiner discovered blood types in 1901 by observing that blood from people of different types would clot when mixed together. He later classified...

New 3D Crime Scene Scanner unveiled by New Zealand Forensic Services

New Zealand's leading forensic agency has revealed its latest crime fighting tool, and it's taken it one step closer to a real-life version of...
Michael Whyte
Crime Scene Officer and Fingerprint Expert with over 12 years experience in Crime Scene Investigation and Latent Print Analysis. The opinions or assertions contained on this site are the private views of the author and are not to be construed as those of any professional organisation or policing body.
- Forensic Podcast -

One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.

That’s more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. The total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same.

OPM and the Department of Defense were reviewing the theft of background investigation records when they identified additional fingerprint data that had been exposed, OPM said in a statement.

Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected by this breach may find themselves grappling with the fallout for years.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

Lawmakers, too, were upset about the latest revelation. “OPM keeps getting it wrong,” said Rep. Jason Chaffetz (R-Utah). ” I have zero confidence in OPM’s competence and ability to manage this crisis.”

As fingerprints increasingly replace passwords as a day-to-day security measure for unlocking your iPhone or even your home, security experts have grown concerned about how hackers might leverage them.

But federal experts believe the potential for “misuse” of the stolen fingerprints is currently limited, according to OPM, but that could “could change over time as technology evolves.” It also said an interagency working group including experts from law enforcement and the intelligence community will review ways that the fingerprint data could be abused and try to develop ways to prevent that from happening.

“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM said.

OPM says it is still in the process of notifying everyone caught up in the breach. But they will be offered free identity theft and fraud protection services, the agency said.

China is widely suspected of being behind the breaches, perhaps as part of move to build a massive database on Americans. But U.S. government officials have so far declined to publicly blame the nation for the cyberattacks. Chinese President Xi Jinping is currently visiting the U.S. and described China as a strong defender of cybersecurity and a victim of hacking itself during a speech in Seattle on Tuesday.

The hacks sparked an outcry on Capitol Hill where lawmakers criticized the government’s response and said the agency should have done more to protect the information in the first place. Some called for the firing of OPM director Katherine Archuleta, who eventually resigned in July.

One lawmaker criticized OPM for releasing the new information during the Pope’s visit to Washington: “Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” said Sen. Ben Sasse (R-Neb.) in a statement.

OPM spokesman Sam Schumach said the additional batch of compromised fingerprints wasn’t identified until very recently and that the agency spent the past several days analyzing the data.

“Yesterday, we began informing members of Congress, as well as the OPM Inspector General, of these newly identified archived records, and disclosed that this would change the fingerprint number previously reported,” he said in an e-mailed statement. The agency was able to confirm the new total population Wednesday morning and subsequently informed the public, Schumach said.

Source: Washington Post

- Advertisement -

More articles

- Advertisement -

Latest article

Trees and shrubs might reveal the location of decomposing bodies

Plants could help investigators find dead bodies. Botanists believe the sudden flush of nutrients into the soil from decomposition may affect nearby foliage. If...

Are Detectives discounting the associative value of fingerprints that fall short of an identification in their investigations?

Every day, Fingerprint Experts in every latent office across the globe examine fingermarks that they determine to fall short of an identification....

Using the NCIC Bayesian Network to improve your AFIS searches

This National Crime Information Centre (NCIC) Bayesian network is based on the statistical data of general patterns of fingerprints on the hands...

DNA decontamination of fingerprint brushes

Using fingerprint brushes across multiple crime scenes yields a high risk of DNA cross-contamination. Thankfully an Australian study has discovered a quick and easy way to safely decontaminate fingerprint brushes to prevent this contamination risk and allows the brushes to be safely reused even after multiple cleaning cycles.

Detection of latent fingerprint hidden beneath adhesive tape by optical coherence tomography

Adhesive tape is a common item which can be encountered in criminal cases involving rape, murder, kidnapping and explosives. It is often the case...