An already huge hack of government personnel data just blew up in size: Some 5.6 million fingerprints were stolen as part of a massive data breach, according to the Office of Personnel Management (OPM)—far more than the 1.1 million fingerprints initially reported.
Fingerprint files are especially sensitive, The Washington Post notes, because they can't be changed:
Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected by this breach may find themselves grappling with the fallout for years.
"The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. "I'm surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation."
Right. In some ways, the most worrying part of the news isn't the increased scale of the breach; it's that government officials didn't even know how big it was.
Rather conveniently, news about the increased number of fingerprints lost in the cyberattack broke during the Pope's news-dominating speech event at the White House.
The fingerprints were stolen as part of a breach made public over the summer in which some 22 million government employees and family members had personal information compromised. News of that hack followed earlier reports of a separate (though likely related) attack on OPM files that resulted in the theft of information regarding 4.2 million government employees.
The attacks took place under the watch of OPM director Katherine Archuleta, a political appointee who served as National Political Director for Obama's 2012 campaign. Archuleta stepped down in July shortly after news of the larger hack broke.