The Massive Hack of Government Personnel Data Just Got A Lot Worse

OPM now says 5.6 million fingerprints stolen.

Peter Suderman | 9.23.2015 1:04 PM

An already huge hack of government personnel data just blew up in size: Some 5.6 million fingerprints were stolen as part of a massive data breach, according to the Office of Personnel Management (OPM)—far more than the 1.1 million fingerprints initial reported.

Fingerprint files are especially sensitive, The Washington Post notes, because they can't be changed:

Breaches involving biometric data like fingerprints are particularly concerning to privacy experts because of their permanence: Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected by this breach may find themselves grappling with the fallout for years.

"The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. "I'm surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation."

Right. In some ways, the most worrying part of the news isn't the increased scale of the breach, it's that government officials didn't even know how big it is.

Rather conveniently, news about the increased number of fingerprints lost in the cyberattack broke during the Pope's news-dominating speech event at the White House.

The fingerprints were stolen as part of a breach made public over the summer in which some 22 million government employees and family members had personal information compromised. News of that hack followed earlier reports of a separate (though likely related) attack on OPM files that resulted in the theft of information regarding 4.2 million government employees.

The attacks took place under the watch of OPM director Katherine Archuleta, a political appointee who served as National Political Director Obama's 2012. Archuleta stepped down in July shortly after news of the larger hack broke.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: 'Sexual Rights' Now Part of U.S. Foreign Agenda

Hide Comments (51)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Lee G 10 years ago

Unlike passwords and even Social Security numbers, fingerprints cannot be changed.

I'll prove you wrong.

*plugs in hotplate*
1. Jay Dubya 10 years ago
  
  i would go so far as to say it is easier to change fingerprints than a SSN
Lee G 10 years ago

"I'm surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation."

I'm more surprised that the they didn't bury the larger number under the rug.
1. Unicorn Abattoir 10 years ago
  
  There's only so much room under the rug.
  1. Mr Lizard 10 years ago
    
    You know who else had a big rug?...
    1. paranoid android 10 years ago
      
      Mr. Lebowski?
      1. FreeToFear 10 years ago
        
        It really tied the room together...
    2. Scarecrow & WoodChipper Repair 10 years ago
      
      Jack Benny?
    3. Citizen X 10 years ago
      
      Donald Trump, allegedly?
    4. lap83 10 years ago
      
      Aladdin?
    5. Loki 10 years ago
      
      William Shatner?
  2. plusafdotcom 10 years ago
    
    NEAD BIGGUR RUUUUUGGG....
Rt. Hon. Judge Woodrow Chipper 10 years ago

22 million government employees and family members had personal information compromised

The safest thing to do is euthanize every government employee.
1. Drake 10 years ago
  
  Does that number include state and locals? Seems way to high for just federal.
  1. Scarecrow & WoodChipper Repair 10 years ago
    
    Probably includes current and former, and military.
    1. Swiss Servator 10 years ago
      
      Yes. And we shoot back, your honor...
Episiarch 10 years ago

The fact that no heads are rolling over this--even when the people affected most are the government's own employees--tells you all you need to know about the incentives related to accountability in the government.

In other words, there are none. And these are the people fucking with the rest of us on a daily basis.
1. WTF 10 years ago
  
  That's only because we just don't have the Right People in charge. Yet.
2. Tman 10 years ago
  
  Same with the IRS targeting people they didn't like. It was such a insanely blatant disregard for individual rights and the rule of law yet no one has even been fired yet. One person -1!- was placed on leave and eventually retired with full benefits.
  
  Other than that, nothing else happened. What else do you need to know? You are a fucking number and your rights are only valid as long as you don't piss them off too much.
3. Just say Nikki 10 years ago
  
  Not to mention the incentives related to accountability in families. Why do people let family members drag them into this shit, and why haven't they started killing each other over it now? Or at least mass disownings?
  
  Friends don't let friends get involved with the state.
  1. Episiarch 10 years ago
    
    Fine, I disown you. Happy now?
    1. Just say Nikki 10 years ago
      
      Yes.
      1. Episiarch 10 years ago
        
        Well I guess everybody's happy then!
        
        (wipes tear discreetly)
        
        Citizen X 10 years ago
        
        I'm not.
  2. H. Protagonist 10 years ago
    
    In a lot of cases, family members might not even know.
Irish ?s ESB 10 years ago

OT although related somewhat given that they're using his visit as a smokescreen - I've come to realize that I hate the Pope. Not this Pope in particular, just the office of the Pope generally. I hate him because I'm constantly being bombarded by various political ideas held by the Pope, but there is no evidence that any of his ideas have any merit and there's no reason to assume some random asshole who was elected to lead a church by other random assholes has any ideas worth listening to. His every proclamation is treated as if I should somehow take his opinion into account, even when everything he's saying is self-evidently retarded nonsense I'd expect from an eighth grader in civics class or perhaps a drunken hobo or something.

He has no worthwhile ideas, yet his worthless ideas get massive press traction because he happens to lead a church I don't belong to and don't care about.

Fuck the Pope. My apologies to the three Reason writers who are Catholic.
1. Just say Nikki 10 years ago
  
  It's just naive media bullshit. I fucking hate Christianity but apparently I know about 1000x more about it than the elite journalists working on narratives about the Pope.
  1. Irish ?s ESB 10 years ago
    
    Did you see ESB on twitter having a massive orgasm over this wonderful display of Popery?
    1. Episiarch 10 years ago
      
      I'll admit that I wouldn't mind seeing that...
      1. RBS 10 years ago
        
        I'm imagining something similar to the scene in Private Parts.
    2. Just say Nikki 10 years ago
      
      No, I really haven't seen her RTed at all about this.
      
      Sounds like that's your fault.
      1. Idle Hands 10 years ago
        
        You can't blame him for his feelings of attraction towards that shrew, it all stems from his mother not breastfeeding him.
        
        Irish ?s ESB 10 years ago
        
        Shows how much you know. My mother couldn't breastfeed me due to the damage it would have done to my tiny body thanks to her crippling mescaline addiction.
        
        I sure showed you.
2. Episiarch 10 years ago
  
  Irish, just go watch The Borgias. It's very good, you'll enjoy the pope being played by Jeremy Irons, and Holliday Grainger is really hot.
  1. Idle Hands 10 years ago
    
    more like cute.
    1. Episiarch 10 years ago
      
      Watch her in action on the show. Then get back to me.
R C Dean 10 years ago

What a clown show.
RBS 10 years ago

If ever an image was begging for some alt text...
Apatheist ?_?? 10 years ago

And yet we should totally have national biometric IDs to stop those dirty mexicans from taking our jerbs. No downsides at all!
1. Apatheist ?_?? 10 years ago
  
  Oh hey, reasonable is working again!
  1. waffles 10 years ago
    
    Silver linings all the way around my rain cloud.
SIV 10 years ago

Fingerprint File
Paul. 10 years ago

The fingerprints were stolen as part of a breach made public over the summer in which some 22 million government employees and family members had personal information compromised.

All of this of course proves the need for increased government oversight of all computer networks. Now do you guys understand why Hillary had her own email server?
Raven Nation 10 years ago

I don't have time to read the linked articles, but Suderman doesn't specify whether it was only the fingerprints of government employees that were stolen. The government holds the fingerprints of non-employees too.
1. kinnath 10 years ago
  
  Employees of corporations who held security clearances to support government contracts had personal information exposed in the hack.
  
  I am not sure if fingerprinting is part of the clearance process.
  1. H. Protagonist 10 years ago
    
    It is.
    
    I'll just be over here in the corner, seething.
  2. Raven Nation 10 years ago
    
    Immigrants also. I'll be seething in another corner.
  3. Alan@.4 10 years ago
    
    As I recall, it is, or it was, back when I was processed for a security clearance. Of course, that was a long,long time ago.
Scarecrow & WoodChipper Repair 10 years ago

This shows Hillary's prescient wisdom and foresight. If only the rest of government were as qualified.
Rhywun 10 years ago

Is this a repeat or yet another "inflation"? I thought the government already "underestimated" this crap a few weeks ago. Maybe that was some other massive government hack.
Alan@.4 10 years ago

Re the ongoing chain of data breaches involving private sector companies, I suppose that someone might possibly be fired, I guess that could happen. Re what appear to be the worsening data breaches at government departments and agencies, the incompetents are the employees of the people, who might reasonably expect to see some heads on fence posts. Interestingly, nothing of the sort happens, the miscreants, individuals at fault likely get promoted. Anyone surprised??

Please log in to post comments

Latest

ICE Denies Reason Access to Immigration Court In Miami Detention Center

Deported for Innocent Tattoos?

Oh, Canada

Federal Court 'Vacates in Its Entirety' the FDA's Costly and Onerous Lab Test Rule

A Trade War Will Reduce American Exports Too

Recommended

Login Form