More than one-quarter of the 21.5 million individuals whose sensitive personal data was swept up in the data breach at the Office of Personnel Management last year had their fingerprint data compromised, the agency announced Wednesday.
OPM had originally estimated that 1.1 million fingerprint records had been stolen when hackers made their way into the agency's data systems, but upon further analysis, investigators from OPM and the Defense Department found "archived records" with additional fingerprint data. The government now estimates that 5.6 million individuals had their fingerprints stolen.
The breach that compromised the biometric data also affected Social Security numbers, health and financial information, names of relatives, and addresses. Officials have privately linked the data breach to China.
In its announcement, OPM sought to downplay the importance of the stolen fingerprint data. "Federal experts believe that, as of now, the ability to misuse fingerprint data is limited," an OPM spokesman said in a statement. "However, this probability could change over time as technology evolves."
Some experts are less confident about the fallout, even now, of a breach of so many fingerprint records. "It’s probably the biggest counterintelligence threat in my lifetime," said Jim Penrose—former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace—earlier this summer.