FingerprintsThe Office of Personnel Management hack is seeming a little bit like the Energizer Bunny these days — it keeps going and going. Unfortunately for the victims of this massive data breach, there’s nothing positive about the details that have been released little by little over the past three months. A statement by the OPM Press Secretary released Sept. 23 indicated that the amount of people whose fingerprints were exposed during the hack was grossly underestimated. Originally, it was said that 1.1 million people’s fingerprints were compromised — the real number is actually 5.6 million, which is approximately 25% of the more than 20 million victims in the overall data breach. This new information was discovered during the OPM’s process of notifying both former and current employees affected by the hack, when it identified archived records that contained fingerprint data not previously analyzed.

Why did the Office of Personnel Management have so many fingerprints on file?

These fingerprint records were collected for background checks conducted by the U.S. government for high-security positions, such as law enforcement, the military, foreign service and judicial jobs. The records date back to at least 2000, and in addition to this data, the breach also exposed medical, financial and personal information such as people’s social security numbers. Unlike a social security number or a credit card, however, a person’s fingerprints can’t be changed — and that’s what makes this worrisome.

How much do government employees need to worry?

Fortunately, as an OPM spokesperson stated, the ability to use fingerprint data for nefarious purposes is currently limited. That said, as biometric technology that uses fingerprints — such as Apple’s Touch ID security feature on its phones — becomes more commonplace, the potential for it to be misused increases. Right now, the biggest concern when it comes to the leak of so many people’s fingerprints is for those holding government jobs that require them to operate in secrecy (such as a spy). The hackers are believed to be of Chinese origin, and the concern all along has been with national security and the security of those working against the Chinese government or others whose positions might be compromised by the information contained in their OPM files.

Are data breach victims covered by identity theft protection?

As of right now, in addition to the original provision of identity theft protection and credit monitoring from CSID that OPM offered to those who were identified as data breach victims from the start, the U.S. Department of Defense has recently awarded a $133 million contract to Identity Theft Guard Solutions LLC. This contract is designed to provide monitoring as well as protection of victims’ credit files and identities for three or more years. While these services can help track the use of your personal information, such as your social security number or financial information, it cannot protect your fingerprint from being used if it was breached — nothing can. Although most evidence points to the compromised information not being used for identity theft purposes, it’s still important for everyone to be vigilant. If you believe your information may have been compromised in this breach and you haven’t been contacted by the OPM yet, now is the time. It should be noted that the OPM has not sent out any notifications for this incident yet. Get more details on what victims should do by visiting the OPM’s website.

You can learn more about protecting yourself from identity theft by following our identity theft protection blog.