The US government said on Wednesday that hackers who stole security clearance data of a large number of Defense Department and other US government employees escaped with around 5.6 million fingerprint records, somewhere in the range of 4.5 million, which is more than initially reported.
The Office of Personnel Management (OPM) said in an announcement that the additional stolen fingerprint records were identified as part of a continuous analysis of the data breach by the OPM, and the Department of Defense. The theft was detected this spring, and has affected security clearance data dating back many years.
The news arrived just ahead of a state visit to Washington by Chinese President Xi Jinping. US authorities have privately accused the breach on Chinese government hackers, yet they have abstained from saying publicly.
President Barack Obama has said cybersecurity will be a major center of his discussions with Xi at the White House on Friday. Recently, Obama said that the United States has told China that industrial espionage in cyberspace by its proxies or government is an act of animosity, which needs to abate.
US authorities have said no proof has surfaced yet proposing the stolen information has been abused, however, they fear the breach could present counterintelligence issues.
White House representative Josh Earnest said on Wednesday the investigation into the data breach that influenced the records of about 21.5 million government employees, was continuing and he didn't have any conclusions to share openly about who might have been responsible for the breach.
Josh indicated the OPM announcement was not related with Xi's visit, but rather came to fruition on the grounds that authorities at OPM had met with members of Congress and told about the fingerprints, and thus expected to release the data to people in general as well.
Officials from Defense Department and OPM recently discovered that additional fingerprints had been stolen which had been kept during investigation the data breach, OPM said in a statement.
Amid that procedure, officials detected archived records containing additional fingerprint records, which were not already analyzed, the OPM statement said. Accordingly, the estimated number of individuals who had fingerprint records stolen rose to 5.6 million from the 1.1 million initially reported, it said.
The OPM said the total number of individuals affected by the breach was estimated to be 21.5 million. The company downplayed the danger posed by stolen fingerprint data, saying the ability to misuse the information is right now constrained. In any case, it recognized the risk could increment after some time as technology evolves.
The OPM agency stated that an interagency working group with expertise in this area will review the potential ways adversaries could misuse fingerprint records now and in the future. The group includes individuals of the intelligence community and in addition the FBI, Department of Homeland and the Pentagon.
In future, if new methods are developed to breach the fingerprint records, the US government will come up with additional records for those individuals whose fingerprints may have been stolen in this breach, OPM said.
The people affected by the breach have not yet been notified. The personnel and office and Defense Department were cooperating to start mailing notifications to those affected individuals, the OPM statement said.