OPM says, “an interagency working group with expertise in this area … will review the potential ways adversaries could misuse fingerprint data now and in the future. This group will also seek to develop potential ways to prevent such misuse. If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”
Theoretically criminals could devise a way to use the fingerprint records as authentication in systems where fingerprints are used as biometric identifiers.
The working group includes the FBI, Department of Homeland Security and the Department of Defense as well as other members of the intelligence community, OPM says.
OPM and the Department of Defense have been double-checking their assessment of what was stolen in the breach discovered in April and found that the previously announced 1.1 million affected individuals was inaccurate. Overall, personnel records for 21.5 million people were affected.
The working group is preparing to mail letters notifying those individuals whose records have been compromised.
A statement by OPM indicates it leaves open the possibility that it might discover more data was stolen and says the government will provide identity protection to those affected. “Together with our interagency partners, OPM is committed to delivering high-quality identity protection services to impacted individuals,” the statement says. “The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data. The U.S. Government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident.”
Federal experts believe that, as of now, the ability to misuse fingerprint data is limited. However, this probability could change over time as technology evolves. Therefore, an interagency working group with expertise in this area – including the FBI, DHS, DOD, and other members of the Intelligence Community – will review the potential ways adversaries could misuse fingerprint data.
This group will also seek to develop potential ways to prevent such misuse. If new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.
"As we have stated previously, all individuals impacted by this intrusion and their minor dependent children (as of July 1, 2015) are eligible for identity theft and fraud protection services, at no cost to them. In conjunction with the Department of Defense, OPM is working to begin mailing notifications to impacted individuals, and these notifications will proceed on a rolling basis. OPM and our partners across government are working to protect the safety and security of the information of Federal employees, service-members, contractors, and others who provide their information to us. Together with our interagency partners, OPM is committed to delivering high-quality identity protection services to impacted individuals. The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data. The U.S. Government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident."