OPM Lost Five Times More Fingerprints Than Originally Reported


Today, NTEU received updated information from the Office of Personnel Management (OPM) regarding the recent background investigations breach that affects approximately 21.5 million individuals. First announced in early June, this enormous breach involves the theft of Standard Forms 85, 85P, and 86 that are filled out by federal job applicants, employees and contractors, as well as other background materials and records, including investigative notes. 

Until today, OPM had stated that 1.1 million of the 21.5 million compromised individuals whose background records were stolen also had had fingerprint data stolen as part of this incident. However, OPM has now announced that the number of individuals whose fingerprint records were stolen has risen to 5.6 million. OPM also confirmed that an inter-agency working group that includes the FBI, the Intelligence Community, and the Departments of Homeland Security and Defense continue to analyze all of the impacted data and records. According to federal cyber experts “the ability to misuse the stolen fingerprint data is limited. However, this probability could change over time as technology evolves.” OPM also shared that this inter-agency working group will also be focusing on possible ways that U.S. adversaries could misuse fingerprint data now and in the future. And, OPM also stated that if in the future the U.S. government determines that methods do exist to manipulate and misuse this fingerprint data, that the government will provide additional information to these 5.6 million individuals. 

This is yet further evidence of why three years or less of protection is totally inadequate for individuals compromised in this massive data breach. We continue to advocate with the Administration and on Capitol Hill for lifetime credit protection for all affected individuals, and strongly support Senator Cardin’s (D-MD) and Rep. Eleanor Holmes Norton’s (D-DC) RECOVER Act that would provide lifetime credit monitoring and identity theft protection (H.R. 3029 in the House/S.1746 in the Senate).  Additionally, NTEU continues to pursue our lawsuit to provide lifetime credit monitoring and identity theft protection for our members. 

Further, NTEU remains troubled that notifications to individuals affected in this breach have not started. Based on earlier information provided to NTEU by OPM, it is expected that the Department of Defense will begin notifying these 20 million plus individuals by the end of this month, over a 12 week period.     

NTEU will keep you updated on any further developments regarding these breaches. As a reminder, OPM is providing general information on the breaches that is being updated at:  https://www.opm.gov/cybersecurity .