WASHINGTON — One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people’s fingerprints were stolen as part of the hacks.
That’s more than five times the 1.1 million government officials estimated when the cyberattacks were disclosed during the summer. However, OPM said Wednesday the total number of those believed caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same.
Unlike passwords and even Social Security numbers, fingerprints cannot be changed. So those affected may find themselves grappling with the fallout for years.
“I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology.
China is widely suspected of being behind the breaches.
