Skip to main content
banner image
venafi logo

Biometrics Stolen During OPM Breach—Your Fingerprints May No Longer Be Your Own

Biometrics Stolen During OPM Breach—Your Fingerprints May No Longer Be Your Own

September 23, 2015 | Tammy Moskites

During what is believed to be the biggest breach in U.S. history, it was reported that along with all of the other sensitive data, over 5.6 million fingerprints were also exposed to the hackers.

While you may think that spies wearing life-like masks and gloves with false fingerprints on them to commit espionage could only happen in a Mission Impossible plot, you may be shocked to know that with the biometric data that was stolen in the recent Office of Personnel Management (OPM) breach, this may now be possible.

Of course we hope these tricks will continue to only be acted out by Tom Cruise, but everyone should still be aware of the very serious fact that hackers obtained over 5.6 million fingerprints (originally estimated by the OPM at only 1.1 million, but has now grown) from the 21.5 million people whose personal data was stolen. Having these biometrics stolen is terrifying for two major reasons:

  1. There could be a brand new type of stolen goods being trafficked on the black market: biometrics.
  2. Those whose biometrics were stolen will have to deal with losing their identity for the rest of their lives.

It is still unclear what the hackers plan to do with the biometric data they have stolen, but already, impersonators are on the black market selling fake OPM-breached fingerprints. Knowing there is already a demand for them shows that biometric data may become the newest, “hot ticket data” hackers are after. This could now open up a Pandora’s Box for those impacted by the breach since your fingerprints, along with other biometric data, are exposed and easy for the taking. And the fact that you cannot change your fingerprints every few months, like you can a credit card number, is also scary because unlike stolen passwords and identity numbers, your fingerprints can’t be changed. Keeping your biometric data secure is a serious security concern that hasn’t been addressed much—at least not to-date.

Download Now - Close the Gaps in Identity and Access Management

Stolen Biometrics

Today, fingerprints are used for background checks, border crossings, workplace identification, and, more recently, unlocking smartphones. If your biometric data is stolen, being able to identify yourself by what was once the most trusted way, will no longer be an option for you. Even worse is that those U.S. diplomats and government agents whose sensitive biometric data was exposed by the OPM hack, if now stolen, could lead the hackers to even more horrifying information. It could have the potential to unlock devices that hold incredibly sensitive, current data like undercover investigations, international negotiations, and conversations that were kept secret for a reason.

In the early 1900’s, my grandmother’s brother (immigrant from Italy) was fingerprinted when he entered the U.S. He spent many years working in a brick yard—he literally burned off all of his fingerprints and always joked, “Now the government doesn’t know who I am!” Who would have thought that a century later, a cyber attack would leave millions of people in the dark wondering what hackers plan to do with their fingerprints and personal information.

Now is a really good time for the U.S. government and global companies around the world to consider better security measures around their biometric data. We simply can’t sit here and wait for another OPM-like breach to happen that leaves even more data for the taking.


Like this blog? We think you will love this.
Featured Blog

Surge in Machine and Human Identities Drive Security Policies at Organizations [Report]

‘Explosion’ of machine identities

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Tammy Moskites
Tammy Moskites

Tammy is Managing Director, Senior Security Executive at Accenture. She has 30 years of experience and is noted for her expertise leading IT security organizations. She was previously the CIO/CISO of Venafi Inc.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more