Federal Data Breach Included 5.6M Compromised Fingerprints, Five Times The Original Estimate

Federal investigators underestimated the number of fingerprints stolen in a massive breach of the Office of Personnel Management earlier this year: the agency announced Wednesday that 5.6 million individuals’ fingerprints were stolen, nearly five times the original estimate of 1.1 million compromised prints.

The Office of Personnel Management (OPM) – essentially the federal government’s giant human resources office – discovered a breach earlier this year that affected nearly 21 million current and former employees, as well as prospective employees, their families and others who applied for federal background investigations in the last 15 years.

At the time, the agency said only 1.1 million people’s fingerprints were compromised. On Wednesday, OPM revised that number as part of a continuing investigation.

Despite the significant increase in the number of compromised fingerprints, the agency doesn’t believe that prints can be used to access government buildings or devices.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” OPM said in a statement. “However, this probability could change over time as technology evolves.”

The agency says it is working with a group of experts from other government entities, including the FBI, DHS, DOD, and other members of the Intelligence Community, to review the potential ways in which the data could be misused in the future.

“If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach,” the agency says.

OPM first announced the massive breach back in July, saying that if an individual underwent a background investigation in 2000 or after, it is “highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.”

Of the 21.5 million individuals affected in the breach, 19.7 million simply applied for a background investigation, while about 1.8 million non-applicants – predominantly spouses and co-habitants of applicants – were victims of the breach, OPM says.

OPM said that information regarding mental health or financial histories provided by those that have applied for a security clearance and by individuals contacted during the background investigation was not affected by the breach.

The agency reiterated on Wednesday that all individuals impacted by this intrusion and their minor dependent children (as of July 1, 2015) are eligible for identity theft and fraud protection services.

Along with the Department of Defense, OPM is working to begin mailing notifications to impacted individuals, and these notifications will proceed on a rolling basis.
