Four million more current and former federal employees are at additional risk of identity theft than first thought with the discovery that more victims of the massive data breach suffered by the Office of Personnel Management had their fingerprints stolen.
OPM announced today that hackers took the fingerprint data of 5.6 million employees as opposed to the 1.1 million people initially determined to have had this data breached back when the agency announced the details of the second breach in July.
“As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness,” OPM’s press secretary Sam Schumach said in a release. “This does not increase the overall estimate of 21.5 million individuals impacted by the incident. An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.”
Schumach said an interagency team led by the FBI, the Homeland Security Department, DoD and members of the intelligence community are focusing on this expanded threat.
“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” he said. “This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”
OPM reiterated its commitment to protecting current and former federal employees.
“The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data,” Schumach said. “The U.S. government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident.”
The Navy awarded a contract to ID Experts on Sept. 1 to provide identity theft protection services.
Rep. Jason Chaffetz (R-Utah), chairman of the Oversight and Government Reform Committee, said he was, once again, disappointed in OPM’s handling of the breach.
“OPM keeps getting it wrong. This breach continues to worsen for the 21.5 million Americans affected. I have zero confidence in OPM’s competence and ability to manage this crisis,” Chaffetz said in a release. “OPM’s IT management team is not up to the task. They have bungled this every step of the way.”
Chaffetz has written six letters since August questioning different aspects of the breach. His latest letter went to Navy Secretary Ray Mabus asking for details on the service’s contract award to ID Experts for identity protection services.