The US Office of Personnel Management says that hackers who breached its systems over the summer made off with the fingerprint records of 5.6 million individuals, raising questions over the security of biometrically-protected identities.
Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from an initial estimate of 1.1 million to approximately 5.6 million.
The theft of fingerprint records is likely to send tremors through the financial services industry, which has been a cheer leader for the increased use of biometric data to protect access to buildings, computers and consumer mobile logins.
In a statement, the OPM says: "Federal experts believe that, as of now, the ability to misuse fingerprint data is limited. However, this probability could change over time as technology evolves."
In response, the US has assembled an interagency working group with expertise in this area - including the FBI, DHS, DOD, and other members of the Intelligence Community - to review the potential ways adversaries could misuse fingerprint data now and in the future. This group will also seek to develop potential ways to prevent such misuse.
"If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach," the OPM states.
While the stolen data may be of little use to hackers with a financial motivation at the moment, it will raise alarm bells for consumers, who have been slowly coming round to the use of biometrics for securing their personal financial information.