The Office of Personnel Management and the Department of Defense are analyzing a data breach which has resulted in stealing of around 5.6 million fingerprint records of federal workers. Initial reports put the number at 4.5 million, however the latest report released on Wednesday 23rd September suggests that the number is as high as 5.6 million.
WIRED contacted the OPM asking for details of which of fed employees’ fingerprints were stolen; but they still haven’t received any response. The hack was discovered a few months ago and the data pertains to security clearances for past several years. Although there has been no official statement about who the hackers could be, privately it has been acknowledged by the US government officials that the act was perpetrated by either Chinese hackers or hackers backed by the Chinese government.
Chinese President Xi Jinping is in the United States and is scheduled to meet US President Barack Obama. Obama has recently stated that cyber threats posed by Chinese governments or the hackers backed by it is “an act of aggression that has to stop.” President Obama’s meeting with President Jinping will include addressing the issue of cyber security.
On Wednesday Josh Earnest the White House Spokesperson said that the investigations are still underway and currently the investigators do not “have any conclusions to share publically about who may or may not have been responsible.” The figure of 5.6 million could also be inconclusive as the attack could have affected over 21.5 million fed employees as stated earlier by OPM. OPM had confirmed that the victims of the attack were military and intelligence employees who had security clearances and the attack had its origin in China.
OPM said in a statement on its website, “During that process, OPM and [the Department of Defense] identified archived records containing additional fingerprint data not previously analyzed. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.”
OPM will be dispatching letters to all the victims and has offered them free credit monitoring. OPM also stated that the stolen data is not a major threat since the misuse of it is highly unlikely due to various limitations. It further said that “An interagency working group with expertise in this area … will review the potential ways adversaries could misuse fingerprint data now and in the future”.
The OPM statement further added that if new technology is developed in future to misuse the stolen fingerprints, more information will be provided to the fed employees whose fingerprints have been stolen.
An Advanced Persistent Threat termed Blue Termite has targeted several Japanese companies since November 2013. Antivirus major Kaspersky Lab started working on the APT in the month of October 2014. Although the instance is not unprecedented, it is the first time that an APT has targeted Japanese companies that have their Client to Server (C2S) […] Continue reading →
As per United Airlines, a group of hackers from China were responsible targeting United Airlines network and stealing customer information. United Airlines experienced a cyber attack on its network during the month of June as per Bloomberg reports, citing sources familiar with this matter. “The hackers who stole data on tens of millions of U.S. insurance […] Continue reading →
Author : Arun Hegde , Security Architect @arun25 Here is a quick summary about my experience at RSA Conference 2014 – San Francisco last month Highlights of RSA 2014 : Some of the highlights at this year at RSA was cloud security, mobile security ( specially for enterprise), more companies providing SIEM solutions and lot of new […] Continue reading →
“Although EC-Council has been respected by corporations and governments, many in the in the security community don’t agree the way they certify and considered it as useless certification ” Analysts predict that Passports of more than 60,000 US military and government IT professionals at risk Hacker went by the name of Eugene Belford, claims to […] Continue reading →
Recently a zero day vulnerability in Internet Explorer was discovered(CVE-2014-0322)). Researchers from Fireeye has identified that hackers are using this vulnerability in targeting US military personals. Furthermore they also suspect that this may be a very strategic campaign (Operation Snowman) during the President’s day weekend. FireEye researchers observed drive-by-download attack which alters HTML code of the […] Continue reading →
The Syrian Electronic Army – a hacker group supportive of Syrian President Bashar Assad – managed to hack into Facebook, on the week of 10th Anniversary. The hackers first claimed to obtain Facebook.com as published on twitter at approximately 6:30 Eastern Standard Time. WHOIS search on domain registrar indicated that the email address was tied […] Continue reading →
On the Republic day of India ( Jan 26th), Pakistani hackers defaced a total of 2,118 Indian websites, including one of the major bank Central Bank of India and the website of model Poonam. Ms. Pandey’s hacked website, identified as “Team Madleets”, displayed messages like “Pakistan Zindabad.” and raised the Kashmir issue as per TOI. The actual […] Continue reading →
Syrian Electronic Army targets ebay UK and Paypal – UK today for defacement. SEA provided the confirmation of hack on Twitter, with an example of what appeared to be PayPal.co.uk’s website followed up by a tweet labeled “Internal Paypal communications confirming penetration” The purported of defacement on PayPal.co.uk read, “Hacked by the Syrian Electronic Army. Long live Syria. F*ck the United […] Continue reading →
Agencies of China, Romania and the United States have jointly acted with the India Central Bureau of Investigation (CBI) against cyber criminals in these countries who were allegedly hacking into US based websites. According to sources from TOI, Amit Tiwari was arrested on the information shared by the FBI, which were interrogating a global hacker […] Continue reading →