Hackers have stolen the fingerprints of over 5.6 million US federal employees in one of the worst breaches of government security. US intelligence believes the hack to be an act of Chinese espionage, which comes just days before China's president Xi Jinping is to visit the White House to discuss cybersecurity issues with Barack Obama.
The attack stole the information in employees' security clearance forms, which included fingerprint records, background information and family details. It wasn't only agency staff who were targeted in the hack but also job applicants and contractors who would have had a background check by the government, which adds weight to the claim this is believed to have a national security motive rather than financial one. Speaking to the potential harm cause, a senior intelligence official told the NY Times: "I am assuming there will be people we simply can't send to China."
What can hackers do with a fingerprint?
The agency has sought to calm fears by writing in a statement that "federal experts believe, as of now, the ability to misuse fingerprint data is limited". However, with many devices such as the Apple iPhone, Samsung Galaxy, laptops and an increasing number of technology using biometric security to unlock, gathering fingerprints may be far more dangerous.
US fingerprint hack explained
The first announcement of a security breach at the Office of Personnel Management (OPM), which handles the personnel for the US Government and federal staff, was revealed in June.
The OPM's database of 21.5 million individuals was compromised and it was initially reported that only 1.1 million records were stolen. In a White House statement delivered on 23<sup>rd September, the figure was raised to 5.6 million.
China has been unofficially blamed for the attack by US intelligence agencies.
A huge implication of the hack is how China could now have the data to identify US government officials and US spies as they enter China. Many Chinese airports use fingerprint scanners at passport control so having a database of US officials or intelligence workers offers an easy way to cross-reference and flag any individual US agent. Also any US intelligence agent currently working undercover who has had their fingerprints taken in the past now faces the potential threat of being exposed.
A further concern for the US government is how China now holds the necessary information to identify and make contact with individuals within the organisation, which could aid in recruitment or intelligence gathering. It is believed we are yet to see the full extent and impact of the hack and is something that is likely to unfold over years.
This news arrives just a week after IBTimes columnist John McAfee warned of how US cybersecurity is ill-prepared and is a vulnerable target in the next cyberwar.
While the US government is yet to officially point the finger at China for the security breach, it is a strong assumption among US intelligence agencies that is where the attack came from. In the meantime security agencies, the FBI and the Department of Homeland Security "will review the potential ways adversaries could misuse fingerprint data now and in the future" to pre-empt what this data may be used for in the wrong hands.