As more details surface regarding this summer’s Office of Personnel Management (OPM) breach, the less likely it seems that the wound will ever fully heal. Government officials originally estimated that 1.1 million people’s fingerprints were compromised, but now the agency says the number is greater — over five times greater, to be exact.
According to OPM, the fingerprints of 5.6 million federal employees were stolen during the cyberattacks. A statement from the agency explained that free identity theft and fraud protection will be extended to the victims, and those impacted by this massive breach are being notified by mail. As Wired reports, however, there’s no explanation of how the theft of over five million federal employees' fingerprints will impact national security.
Although OPM described the threat of fingerprint data being misused as “limited,” says Wired, the agency noted that evolving technology could cause this to change in the future. Those threats could grow as the federal government incorporates more biometric authentication features into its security systems, Wired reports.
To analyze the real possibility of a future fingerprint data usage threat, OPM stated yesterday that it has organized a task force of agencies:
Therefore, an interagency working group with expertise in this area – including the FBI, DHS, DOD, and other members of the Intelligence Community – will review the potential ways adversaries could misuse fingerprint data now and in the future. This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.
With each turn, this scenario continues to illustrate the need for federal agencies to update their IT systems. Last year, FedTech reported that several agencies, including OPM, were still using COBOL — a programming language that was popular during the 1960s. Although examining how the stolen data can be abused is indeed very important, moving to modern systems that offer more protection is just as imperative, if not more so.