OPM Says 5.6 million Fingerprints Stolen In Cyberattack

mschaffer writes: The Office of Personnel Management data breach that happened this summer just got a little worse. The OPM now says that 5.6 million people's fingerprints were stolen as part of the hacks. The Washington Post reports: "That's more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same."

Re:Credentials

Not really, all credentials can be stolen or copied. Fingerprints are just very difficult to change once they have been compromised. That's why that are bad credentials.

Everyone, it was everyone

[NotDrWho]

This same song-and-dance seems to play out with every big hack now:

Week one:
"It was just a few people who had some data limited compromised"

Week two:
It was just a few people who had most of their data compromised, but not their passwords

Week three:
"It was a lot of people, who had most of their data compromised, but not their passwords"

Week four:
"They got everything on everyone"

SF-86 forms

[OffTheLip]

Very detailed histories of a persons family, including SSN's, were part of the heist via Form SF-86. Being a longtime defense department contractor whose security clearance details were likely compromised I am pissed. The forms included personal info from friends gracious enough to vouch for my veracity as a trusted agent for the US government. We were expected to protect paper and electronic copies of this form as we would other sensitive data. The joke appears to be on us.