During what is believed to be the biggest breach in U.S. history, it was reported that along with all of the other sensitive data, over 5.6 million fingerprints were also exposed to the hackers.
While you may think that spies wearing life-like masks and gloves with false fingerprints on them to commit espionage could only happen in a Mission Impossible plot, you may be shocked to know that with the biometric data that was stolen in the recent Office of Personnel Management (OPM) breach, this may now be possible.
Of course we hope these tricks will continue to only be acted out by Tom Cruise, but everyone should still be aware of the very serious fact that hackers obtained over 5.6 million fingerprints (originally estimated by the OPM at only 1.1 million, but has now grown) from the 21.5 million people whose personal data was stolen. Having these biometrics stolen is terrifying for two major reasons:
It is still unclear what the hackers plan to do with the biometric data they have stolen, but already, impersonators are on the black market selling fake OPM-breached fingerprints. Knowing there is already a demand for them shows that biometric data may become the newest, “hot ticket data” hackers are after. This could now open up a Pandora’s Box for those impacted by the breach since your fingerprints, along with other biometric data, are exposed and easy for the taking. And the fact that you cannot change your fingerprints every few months, like you can a credit card number, is also scary because unlike stolen passwords and identity numbers, your fingerprints can’t be changed. Keeping your biometric data secure is a serious security concern that hasn’t been addressed much—at least not to-date.
Download Now - Close the Gaps in Identity and Access Management
Today, fingerprints are used for background checks, border crossings, workplace identification, and, more recently, unlocking smartphones. If your biometric data is stolen, being able to identify yourself by what was once the most trusted way, will no longer be an option for you. Even worse is that those U.S. diplomats and government agents whose sensitive biometric data was exposed by the OPM hack, if now stolen, could lead the hackers to even more horrifying information. It could have the potential to unlock devices that hold incredibly sensitive, current data like undercover investigations, international negotiations, and conversations that were kept secret for a reason.
In the early 1900’s, my grandmother’s brother (immigrant from Italy) was fingerprinted when he entered the U.S. He spent many years working in a brick yard—he literally burned off all of his fingerprints and always joked, “Now the government doesn’t know who I am!” Who would have thought that a century later, a cyber attack would leave millions of people in the dark wondering what hackers plan to do with their fingerprints and personal information.
Now is a really good time for the U.S. government and global companies around the world to consider better security measures around their biometric data. We simply can’t sit here and wait for another OPM-like breach to happen that leaves even more data for the taking.