Obama Administration

The Massive Hack of Government Personnel Data Just Got A Lot Worse

OPM now says 5.6 million fingerprints stolen.


An already huge hack of government personnel data just blew up in size: Some 5.6 million fingerprints were stolen as part of a massive data breach, according to the Office of Personnel Management (OPM)—far more than the 1.1 million fingerprints initial reported. 

Fingerprint files are especially sensitive, The Washington Post notes, because they can't be changed: 

Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected by this breach may find themselves grappling with the fallout for years.

"The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. "I'm surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation."

Right. In some ways, the most worrying part of the news isn't the increased scale of the breach, it's that government officials didn't even know how big it is. 

Rather conveniently, news about the increased number of fingerprints lost in the cyberattack broke during the Pope's news-dominating speech event at the White House. 

The fingerprints were stolen as part of a breach made public over the summer in which some 22 million government employees and family members had personal information compromised. News of that hack followed earlier reports of a separate (though likely related) attack on OPM files that resulted in the theft of information regarding 4.2 million government employees

The attacks took place under the watch of OPM director Katherine Archuleta, a political appointee who served as National Political Director Obama's 2012.  Archuleta stepped down in July shortly after news of the larger hack broke. 


NEXT: 'Sexual Rights' Now Part of U.S. Foreign Agenda

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Unlike passwords and even Social Security numbers, fingerprints cannot be changed.

    I’ll prove you wrong.

    *plugs in hotplate*

    1. i would go so far as to say it is easier to change fingerprints than a SSN

  2. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

    I’m more surprised that the they didn’t bury the larger number under the rug.

    1. There’s only so much room under the rug.

      1. You know who else had a big rug?…

        1. Mr. Lebowski?

          1. It really tied the room together…

        2. Jack Benny?

        3. Donald Trump, allegedly?

        4. William Shatner?

  3. 22 million government employees and family members had personal information compromised

    The safest thing to do is euthanize every government employee.

    1. Does that number include state and locals? Seems way to high for just federal.

      1. Probably includes current and former, and military.

        1. Yes. And we shoot back, your honor…

  4. The fact that no heads are rolling over this–even when the people affected most are the government’s own employees–tells you all you need to know about the incentives related to accountability in the government.

    In other words, there are none. And these are the people fucking with the rest of us on a daily basis.

    1. That’s only because we just don’t have the Right People in charge. Yet.

    2. Same with the IRS targeting people they didn’t like. It was such a insanely blatant disregard for individual rights and the rule of law yet no one has even been fired yet. One person -1!- was placed on leave and eventually retired with full benefits.

      Other than that, nothing else happened. What else do you need to know? You are a fucking number and your rights are only valid as long as you don’t piss them off too much.

    3. Not to mention the incentives related to accountability in families. Why do people let family members drag them into this shit, and why haven’t they started killing each other over it now? Or at least mass disownings?

      Friends don’t let friends get involved with the state.

      1. Fine, I disown you. Happy now?

        1. Yes.

          1. Well I guess everybody’s happy then!

            (wipes tear discreetly)

            1. I’m not.

      2. In a lot of cases, family members might not even know.

  5. OT although related somewhat given that they’re using his visit as a smokescreen – I’ve come to realize that I hate the Pope. Not this Pope in particular, just the office of the Pope generally. I hate him because I’m constantly being bombarded by various political ideas held by the Pope, but there is no evidence that any of his ideas have any merit and there’s no reason to assume some random asshole who was elected to lead a church by other random assholes has any ideas worth listening to. His every proclamation is treated as if I should somehow take his opinion into account, even when everything he’s saying is self-evidently retarded nonsense I’d expect from an eighth grader in civics class or perhaps a drunken hobo or something.

    He has no worthwhile ideas, yet his worthless ideas get massive press traction because he happens to lead a church I don’t belong to and don’t care about.

    Fuck the Pope. My apologies to the three Reason writers who are Catholic.

    1. It’s just naive media bullshit. I fucking hate Christianity but apparently I know about 1000x more about it than the elite journalists working on narratives about the Pope.

      1. Did you see ESB on twitter having a massive orgasm over this wonderful display of Popery?

        1. I’ll admit that I wouldn’t mind seeing that…

          1. I’m imagining something similar to the scene in Private Parts.

        2. No, I really haven’t seen her RTed at all about this.

          Sounds like that’s your fault.

          1. You can’t blame him for his feelings of attraction towards that shrew, it all stems from his mother not breastfeeding him.

            1. Shows how much you know. My mother couldn’t breastfeed me due to the damage it would have done to my tiny body thanks to her crippling mescaline addiction.

              I sure showed you.

    2. Irish, just go watch The Borgias. It’s very good, you’ll enjoy the pope being played by Jeremy Irons, and Holliday Grainger is really hot.

      1. more like cute.

        1. Watch her in action on the show. Then get back to me.

  6. If ever an image was begging for some alt text…

  7. And yet we should totally have national biometric IDs to stop those dirty mexicans from taking our jerbs. No downsides at all!

    1. Oh hey, reasonable is working again!

      1. Silver linings all the way around my rain cloud.

  8. The fingerprints were stolen as part of a breach made public over the summer in which some 22 million government employees and family members had personal information compromised.

    All of this of course proves the need for increased government oversight of all computer networks. Now do you guys understand why Hillary had her own email server?

  9. I don’t have time to read the linked articles, but Suderman doesn’t specify whether it was only the fingerprints of government employees that were stolen. The government holds the fingerprints of non-employees too.

    1. Employees of corporations who held security clearances to support government contracts had personal information exposed in the hack.

      I am not sure if fingerprinting is part of the clearance process.

      1. It is.

        I’ll just be over here in the corner, seething.

      2. Immigrants also. I’ll be seething in another corner.

      3. As I recall, it is, or it was, back when I was processed for a security clearance. Of course, that was a long,long time ago.

  10. This shows Hillary’s prescient wisdom and foresight. If only the rest of government were as qualified.

  11. Is this a repeat or yet another “inflation”? I thought the government already “underestimated” this crap a few weeks ago. Maybe that was some other massive government hack.

  12. Re the ongoing chain of data breaches involving private sector companies, I suppose that someone might possibly be fired, I guess that could happen. Re what appear to be the worsening data breaches at government departments and agencies, the incompetents are the employees of the people, who might reasonably expect to see some heads on fence posts. Interestingly, nothing of the sort happens, the miscreants, individuals at fault likely get promoted. Anyone surprised??

Please to post comments

Comments are closed.