More than 5 million Americans’ fingerprint files were stolen from the federal government, the chief human resources agency said Wednesday, acknowledging the massive data breach was five times larger than they’d previously admitted.
The fingerprint data was stolen in the breach that saw the government lose the most sensitive information on more than 21 million Americans. Chinese hackers have been blamed for the breach.
The OPM insisted the ability to misuse fingerprint data “is limited,” though the agency said as technology improves, the dangers could grow.
“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” OPM press secretary Samuel Schumach said in a statement announcing the embarrassing revelation.
Officials said the new estimate is that 5.6 million Americans’ fingerprint data was stolen — up from the 1.1 million estimate they’d given over the summer.
The release came just as the country’s attention was turned to the White House, where President Obama was welcoming Pope Francis.
Sen. Ben Sasse, Nebraska Republican, said the revelation was stunning.
“Today’s blatant news dump is the clearest sign yet that the administration still acts like the OPM hack is a PR crisis instead of a national security threat,” Mr. Sasse said. “The American people have no reason to believe that they’ve heard the full story and every reason to believe that Washington assumes they are too stupid or preoccupied to care about cybersecurity.”
Hackers managed to gain access to the background check files of more than 21 million Americans, which included the most sensitive personal information on health, family relationships and finances.
The government has offered a free credit-monitoring service to all of those affected by the breach as a way of trying to combat potential fraudulent use of the data.
The OPM was stung by the breach and by its poor handling once the hack was revealed, with the agency initially dismissing reports of millions of files breached, only to have to admit the final number was much higher than even the most outlandish early estimates.
Criticism from both Republicans and Democrats forced OPM Director Katherine Archuleta to resign in July, and Beth A. Colbert took over as acting director.
House Oversight Committee Chairman Jason Chaffetz, a Utah Republican who pushed Ms. Archuleta’s ouster, said the latest revelation suggests things haven’t gotten better.
“OPM keeps getting it wrong,” he said in a statement Wednesday. “This breach continues to worsen for the 21.5 million Americans affected. I have zero confidence in OPM’s competence and ability to manage this crisis.”
He said the information technology division at OPM has “bungled this every step of the way.”
Investigators from the agency’s inspector general have testified that tech staffers ignored repeated warnings about cybersecurity.
Mr. Schumach said the latest revelation about the number of fingerprint files stolen came after the OPM and the Department of Defense were “analyzing impacted data to verify its quality and completeness.”
President Obama is expected to discuss cybersecurity with Chinese President Xi Jinping when he makes his first visit to the White House at week’s end.
• Stephen Dinan can be reached at sdinan@washingtontimes.com.
Please read our comment policy before commenting.