Officials State Hackers Stole 5.6 Million Fingerprints, More Than Previously Reported

The Office of Personnel Management (OPM) announced that 5.6 million fingerprints were stolen in April’s cyber attack, more than five times the amount the agency first reported.

The hackers were able to obtain fingerprints, social security numbers, names, addresses, health information, and financial data from millions of government employees. The OPM stated in June that personnel records of 4.2 million people had been compromised in the cyber attack. A month later, the agency announced a second attack that was targeting 21.5 million people and only 1.1 million fingerprints had been stolen.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology. “I’m surprised they didn’t have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

The OPM tried to downplay the situation by stating that the ability to abuse fingerprint data was “currently limited.” The agency did warn that as technology improved there could be a higher chance of someone using their fingerprints as a guarantee of identity. Considering there are now security measures for unlocking smartphones and home security systems using a person’s fingerprints, that day may not be as far as the OPM states.

Investigations are continuing as officials are still trying to find who was responsible for the cyber attacks. Meanwhile, the OPM is still in the process of notifying everyone who had information stolen. According to the agency, they will provide free identity theft and fraud protection services to those who were affected by the cyber attack.

U.S. officials have blamed China for the OPM breach. China has continued to deny the attacks. The announcement comes during the second day that Chinese President Xi Jinping is visiting the United States. Jinping is due to meet President Obama in Washington on Friday.

Chinese President Arrives in U.S. Denies Hacking

Chinese President Xi Jinping arrived in Seattle on Tuesday. He is in the U.S. on a week-long visit that will include meetings with U.S. business leaders, a black-tie state dinner at the White House and an address at the United Nations.

His arrival was met by questions on subjects such as economic reform to cyber attacks, human rights and commercial theft.

Xi, delivered a keynote address to some 650 business executives and other guests in Seattle and touched on a many of the issues that have caused friction to U.S.-China ties.

“China will not manipulate its currency to boost exports and will never engage in commercial theft,” he said, adding his country will not discriminate against foreign businesses, will speed its market opening and make efforts to improve human rights.

“If China and the U.S. cooperate well, they can become a bedrock of global stability…,” Xi said. “Should they enter into conflict or confrontation, it would lead to disaster for both countries and the world at large.”

In an attempt to reassure high tech businesses Xi offered, “The Chinese government will not in whatever form engage in commercial theft, and hacking against government networks. These are crimes that must be punished in accordance with the law and relevant international treaties.”

The Pentagon said on Tuesday that a Chinese aircraft performed an unsafe maneuver during an air intercept of a U.S. spy plane off China’s northeast coast last week as a reminder of the potential hot points between the two countries.
Among the few agreements expected to result from the Obama-Xi summit has been a military-to-military confidence building step aimed at reducing the risk of aerial collisions between warplanes in areas including the South China Sea through agreeing on common rules of behavior.

Russian Man Admits Global Hacking Scheme

A Russian man has admitted his role in a hacking scheme that sold record amounts of stolen credit and debit card numbers.

Vladimir Drinkman admitted that he had a major role in stealing 160 million credit and debit card numbers.  U.S. Attorney Paul Fishman said the hacking and data breach is the largest ever prosecuted in America.

Drinkman pleaded guilty to charges of conspiracy involving wire fraud and unauthorized access to protected computers. The 34-year-old will be sentenced in January and faces up to 35 years in federal prison after which he will be deported.

He also will face millions of dollars in fines.

Drinkman told the court that from 2005 to 2012 he worked with others on a scheme that sent malware to corporate computers to obtain personal information.  The malware would then delete itself so corporations could not tell they had been breached.

Some of the companies impacted where 7-Eleven, Dow Jones and NASDAQ.

Drinkman was arrested in the Netherlands in 2012 and brought to the U.S. for trial.  One of his co-conspirators, Dmitriy Smilianets, is in federal custody awaiting trial.  Three other co-conspirators are still on the run.