OPM Breach Increases Identity Theft Concerns
October 26, 2015
The Office of Personnel Management disclosed that an additional 4.5 million fingerprints were compromised in the security breach that occurred on their networks in 2014. Initially, the OPM thought that only 1.1 million fingerprints were compromised. Now, they’ve found that out of the 21.5 million people who had their information breached, 5.6 million also had their fingerprints compromised.
Biometrics was the Solution
Before the breach, biometric passwords like fingerprints were seen as a simpler alternative to passwords. Passwords can be too simple, which makes them easy to hack. People also use the same passwords for all of the different accounts they have, so when one website gets hacked, victims have to scramble to change their passwords across different sites. The people who use complex passwords often forget them — and choose to write them down, making them insecure.
Some people use password managers like LastPass to keep track of all of their passwords, but that service has also been the target of a cyber breach. Biometric passwords were supposed to be the more secure solution to keeping sensitive information private. Motorola and Apple have added fingerprint readers to their phones, so customers can unlock their devices without a password. Samsung also included a fingerprint scanner on the “home” buttons of their Galaxy phones.
Fingerprints, unlike simple passwords, were thought to be harder for hackers to steal and replicate, but the breach at OPM proves otherwise.
Long-term Security Concern
The biggest concern for security researchers regarding the compromised fingerprints is the permanence of the damage. If someone’s site log-in information gets stolen, they can just change their password. People who have had their credit cards stolen can call the company to cancel their cards, and monitor their financial statements. Although it’s a hassle to change Social Security numbers, people who have had their Social Security numbers compromised can get new ones. The 5.6 million people who had their fingerprints compromised in the OPM breach will have to be on the lookout for identity theft for years, since fingerprints can’t be changed.
Security researchers believe the OPM was targeted by hackers because the office serves as a federal human resources department. The hackers were able to compromise the data belonging to current and former federal employees, and retirees. The hackers went after the forms federal employees used to request additional security clearances. Employees requesting additional security clearances had to provide personal medical information, and personal financial information about themselves, and their family members.
The breach at the OPM has affected millions of people across America, who will now have to monitor their information for identity theft. In an effort to improve the security measures used to protect sensitive information, the National Strategy for Trusted Identities in Cyberspace (NSTIC) revealed that it has invested $3.7 million in funding to three new digital identity protection programs.
The three pilot programs will focus on creating security solutions that prevent identity theft, and improve how data is stored online. This breach shows how identity theft is on the rise, and how businesses should now invest in additional identity verification services as a precaution. Businesses can use card scanners as an additional measure of security to verify employee IDs.
Through ID verification, businesses can ensure that only the right employees have access to sensitive data. By using an extra layer of security, businesses can protect their employees from identity theft.