"It's probably the biggest counterintelligence threat in my lifetime," Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace, told the National Journal. "There's no situation we've had like this before, the compromise of our fingerprints. And it doesn't have any easy remedy or fix in the world of intelligence."
Unlike other information compromised, such as social security numbers and passwords, a fingerprint cannot easily be changed. A fingerprint remains with you for life, and now that personal piece of information is in the hands of those who stole it — for good.
It remains unclear which personnel has had their prints comprised, as OPM is still focused on assessing the breach.
This specific type of data heist could lead to frightening problems as technology continues to advance.
"It's really horrifying, on so many levels," Peter Singer, a strategist at the New America Foundation and a consultant for the military, told the National Journal. "This is different from the other breaches because this is a cyberattack that was not about intellectual-property theft. It was not about economic advantage of some sort. This is what we call preparing the battlefield."
This could cause problems for the US government, as a new means of biometric verification — such as iris scans or facial recognition — will likely have to be set in place, as the fingerprints are no longer secure.
"There's a big concern [with the OPM hack] not because of how much we're using fingerprints currently, but how we're going to expand using the technology in the next 5-10 years," said Robert Lee, cofounder of Dragos Security, which develops cybersecurity software.
Most covert CIA spies were not affected by this hack, as the CIA maintains their own databases, but agents who have previously worked elsewhere and were required to submit a security-clearance form to OPM are vulnerable.
OPM maintains sensitive personnel data for most US executive agencies, ranging from the NSA, to the FBI and the Department of Defense.
Penrose believes that the compromised prints were digital scans rather than the old ink-based type, meaning they likely belong to current and/or recent employees.