Hackers stole 5.6 million US government employee fingerprints

Office of Personnel Management 2A massive cyber hacking incident that compromised a United States federal database containing millions of personnel records also resulted in the theft of 5.6 million fingerprint records, American officials have said. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances —including intelligence officers.

Back in July, OPM officials told reporters that just over 1 million fingerprint records had been compromised by the cyber hack. However, a new statement issued by the White House last week said that the actual number of stolen fingerprints from the OPM database was closer to 5.6 million. In a subsequent statement, the OPM said there was little that the hackers could do with the fingerprint records, and that the potential for exploitation was “currently limited”. But it added that, as technology continued to be developed, the risk of abuse of the stolen fingerprint records could increase. Therefore, an interagency working group would be put together to “review the potential ways adversaries could misuse fingerprint data now and in the future”, the OPM statement said. It added that the group would be staffed with fingerprint specialists for the Federal Bureau of Investigation, the Department of Defense and the Department of Homeland Security.

External American intelligence agencies, which typically send their officers abroad posing as diplomats, and sometimes under cover identities, are reportedly concerned that certain foreign counterintelligence agencies will be able to use the stolen fingerprints to identify the true identities or professional background of US government employees stationed abroad.

Author: Ian Allen | Date: 29 September 2015 | Permalink

Advertisements

US spies voiced concerns about Fed database prior to massive hack

Office of Personnel ManagementUnited States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years prior to a massive cyber hacking incident that led to the theft of millions of personnel records. Up to 18 21 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances –including intelligence officers.

Until a few years ago, however, Scattered Castles, the database containing security clearance applications for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aiming to eliminate the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, According to the Daily Beast, US intelligence officials expressed concerns about the merging of the databases as early as 2010. The website said that security experts from the Intelligence Community expressed “concerns related to privacy, security and data ownership” emerging from the impending merge. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merge went ahead anyway, and by 2014 parts of the Scattered Castles databases were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is probing last month’s hack attack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink: https://intelnews.org/2015/07/01/01-1726/