Millions of fingerprints stolen in US government hack

Berikut ini berita yang di ambil dari dan dipublikasikan pada 24 September 2015 dan beberapa sumber lainnya:


Hackers who breached US government networks stole far more fingerprint records than first thought, officials have said.

In a statement, the White House said more than 5.6 million fingerprint records were stolen from the Office of Personnel Management (OPM).

An initial investigation suggested only 1.1 million were lost.

The OPM acts as the personnel office for the US government and keeps records on 21.5 million federal staff.

Identity risk

The OPM attack was uncovered in April this year and saw attackers make off with ID and security clearance information about US government staff. Social security numbers, names, addresses, health, financial and biometric data were all taken.

Fingerprint records were also stolen and the continuing investigation into the breach has revealed that far more went missing than initially thought.

The OPM played down the significance of the fingerprint theft saying that the ability to abuse the data was “currently limited”. However, it acknowledged that the risk could rise as technology improved and fingerprints were increasingly used as a guarantee of identity.

“An inter-agency working group with expertise in this area … will review the potential ways adversaries could misuse fingerprint data now and in the future,” it said in a statement.

 The FBI, Pentagon and Department of Homeland Security are all part of the task force assessing how losing fingerprint data might affect victims.

The OPM said it would soon start a massive project to inform all the people whose data had been stolen.

Ken Munro from security firm Pen Test Partners said: “The biggest concern about biometrics since day one has been revocation.

“It is easy to get a new password, pin or credit card after a breach but it’s rather harder to get new fingers.”

The announcement about the scale of the hack comes as Chinese President Xi Jinping makes a state visit to the US. Security experts have pointed the finger at China as the source of the attack but it has always denied any involvement.

Mr Xi and President Obama are due to talk about cybersecurity when they meet later this week.


OPM government data breach impacted 21.5 million

(CNN)Government investigators now believe that the data theft from the Office of Personnel Management computer systems compromised sensitive personal information, including Social Security numbers, of roughly 21.5 million people from both inside and outside the government, the government announced Thursday.

Of these, hackers obtained information from the security clearance applications — known as SF-86’s – of 19.7 million people.

Another 1.8 million were non-applicants comprised mostly of spouses and partners of applicants.

OPM had initially estimated the hackers obtained the files of 4 million people with information listed on the servers containing personnel data of current and former government employees.

Republicans called on President Barack Obama to remove OPM Director Katherine Archuleta.



Posted on July 10, 2015 by

The true extent of the April 2015 attack on the U.S. Office of Personnel Management (OPM) has now been revealed, with the OPM confirming that the Social Security Numbers (SSNs) of 21.5 million individuals was stolen from the background investigation databases.

This confirmed number of 21.5 million is a huge difference to the 4.2 million figure first reported by the OPM. The OPM, however has stated that the 4.2 million figure relates to a separate 2015 attack, noting that its investigations had uncovered two separate but related cybersecurity incidents on its systems.

The 21.5 million SSNs stolen belonged to 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants. 1.1 million SSNs included fingerprints of applicants.

It seems that any individual who underwent a background investigation through OPM in 2000 or afterwards, is highly likely to be impacted by the attack. The OPM are offering those affected varying support, from identity theft insurance to full service identity restoration support. Maybe seen as too little, too late, the OPM has also set up a cybersecurity incident resource centre, offering information regarding the incident and offering best practices to secure data, protect against identity theft, and stay safe online.

Nicko Van Someren, CTO at Good Technology, commented: The scariest thing about this breach is not just the scale of it, but the depth. The data that’s been taken are the life histories of over 21m people, not just credit card numbers.  It’s enough to impersonate any of these people, which is bad enough from an identity theft perspective, but when they’re government employees, it’s potentially devastating.”

Rajiv Gupta, founder and CEO of Skyhigh Networks, said: “More often than not, storing sensitive data on-premise, as the OPM did, is the information security equivalent to stashing the crown jewels under your mattress.  Even when it makes sense to store some sensitive data on-premise, organisations need to deploy well-developed tools to detect and block the anomalous red flags the OPM breach likely exhibited before it reached the scale it did.

“If the government had partnered with an enterprise-class cloud service, they would’ve had the multi-factor authentication in place to prevent this whole disaster. The government’s reluctance to leverage cloud computing prevents them from realising the benefits of cutting-edge security capabilities that are battle-tested every millisecond, not to mention the agility and cost benefits. Why have five government security employees scrambling to create and continually update homegrown, on-premise solutions when you could have the world’s leading minds focused on it 24/7? It’s time to stop thinking of cloud computing as risky when the alternative is clearly riskier.”



Union: Hackers Stole Data on All US Federal Employees

VOA News | June 12, 2015 3:22 AM

An American labor union said hackers are now in possession of sensitive personnel information on all federal employees following a major cyber intrusion that U.S. officials say originated in China.

The American Federation of Government Employees made the claim Thursday in a letter to the Office of Personnel Management, or OPM, the federal government’s human resources agency that was targeted.

“The hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees,” said union president David Cox in the letter.

The OPM said last week as many as 4 million current and former federal employees may have been affected by the December hacking, in what is the most extensive breach of government personnel data in years.

The stolen information includes Social Security numbers, addresses, birth dates, as well as job and salary histories, according to the AFGE, which based its assertion on what it said was incomplete information provided by the OPM.

The agency, citing security concerns, so far has failed to provide detailed information about what exact information was stolen or what personnel were targeted.

The AFGE said the breach represents an “abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

Some U.S. officials and lawmakers have said China-based hackers, possibly with links to Beijing, carried out the attack. China dismissed the accusations as “irresponsible.”



On 15 Jun, 2015 By Christopher Woo

As is the case with many government screw-ups, the Office of Personnel Management (OPM) hack reported last week has now been revealed to be much more worse than originally thought. Instead of four million civilian federal employees having their PII exposed, investigators now believe as many as 14 million prospective, current and former employees have been exposed(link is external). In addition to the usual PII (name, address, Social Security #, DOB, etc) the information also included background investigations which are known to include things like arrest records, financial history, medical problems, as well as information about colleagues, friends, neighbors and relatives.

What this means for you:

Given the large number of current and former government workers, it’s highly probable you or someone you know falls into the 14 million compromised in this attack. There are things you or they should be doing, not the least of which are the following:

  • Set up credit monitoring for you and your family – take advantage of the free services offered, or set up something independently.
  • Freeze your credit file – Krebs on Security has an excellent explanation(link is external) of how to accomplish this.
  • Review the Federal Trade Commission’s recommended actions(link is external).
  • Watch your important online accounts like a hawk and investigate any suspicious activity immediately.



Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:


You are commenting using your account. Logout /  Ubah )

Foto Google+

You are commenting using your Google+ account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )


Connecting to %s

%d blogger menyukai ini: