OPM Hack Worse Than Previously Thought (Again)

The Office of Personnel Management (OPM) announced on Wednesday that hackers got their hands on significantly more sensitive information than previously thought, referring to millions of additional stolen fingerprints.

"The subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million," the agency's statement reads.

In June, the U.S. government said OPM systems had been hacked, compromising more than 21 million prospective, current and former government employees' personal information. This information was collected as part of background checks, dating back to at least 2000, and includes Social Security numbers, sexual history, drug use and fingerprints.

While many have expressed concern over the potential of this information to be used in blackmail scenarios, privacy experts are most worried about the sweep of biometric data due to their permanence. Fingerprints, for instance, cannot be changed, and their collection by an adversary could spell disaster for intelligence officers operating secretly around the globe.

"Federal experts believe that, as of now, the ability to misuse fingerprint data is limited," OPM said in its statement. But the agency conceded that "this probability could change over time as technology evolves." As a result, the statement adds, a collection of agencies, including FBI, DHS and DOD, "will review the potential ways adversaries could misuse fingerprint data now and in the future" and "seek to develop potential ways to prevent such misuse."

"If, in the future, new means are developed to misuse the fingerprint data," OPM adds, "the government will provide additional information to individuals whose fingerprints may have been stolen in this breach."

China is largely thought to be behind the massive breach, though U.S. government officials are reluctant to name and blame the Chinese for the cyberattacks.

The OPM breach is considered one of the largest in U.S. history, and the U.S. government is offering limited identity theft and fraud protection services to those affected.