The US Government’s Office of Personnel Management (OPM) has now admitted that 5.6m fingerprint records have been stolen, over five times the 1.1m that it originally thought.
In total, the records of 21.5m have been breached, and the attack has resulted in the resignation of Katherine Archuleta as the head of OPM.
In a statement, OPM’s official spokesman said:
"Of the 21.5m individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million."
However, the spokesman insisted that "Federal experts believe that, as of now, the ability to misuse fingerprint data is limited."
The loss of data as highly sensitive as fingerprints has consequences beyond that of other breaches, explains Bryan Lillie, CTO, at cyber security firm QinetiQ:
"Theft of biometric data introduces ethical issues. The people who have fingerprint data stored now have no control over what it is used for, which could include identify theft and access to secure systems. It’s not like stealing money which can be reimbursed."
"Big data thefts like these compromise not just individuals, but your entire system, and maybe other systems which also rely on that same data for security."
The breach is thought to have been conducted by hackers in China, and has provoked wide ranging comment from security experts.