OPM Breach: A Personal Account of Compromised Biometric Data
OPM Breach Reveals Need for Greater Security Protections with Personal and Biometric Data
Once upon a time, not so long ago, I had to go through a relatively extensive background check process. At the time it was one of those situations where you sign into the portal, provide your social security number, a myriad of sensitive information about you and your family, and trust the federal government (and their contractors) to take care of that personal data.
As I got home the other night and sat down to begin writing this blog post, I looked at the stack of mail sitting on my desk and noticed one of those envelopes with the perforated edges that usually contain sensitive information.
Of course, you have to open those types of envelopes. Unfortunately at that moment all of my worst fears had come true.
What I found was my very own letter detailing that essentially every sensitive piece of information one might want to know about me – as well as similar information on 21 million other Americans – was accessed during the OPM breach.
Oh, and by the way, there’s the fact that my biometric identity was also compromised:
At this point, even though "federal experts" believe that it’s no big deal, my iPhone disagrees with them. Bruce Schneier wrote an excellent piece on this, so I won’t belabor the points he makes. But at some point we all have to ask some tough questions:
When is this going to stop?
Who is responsible for stopping it?
Who is going to actually stop it?
Who is going to be held accountable when breaches happen?
These types of breaches are why we at Ziften are so passionately building our next-generation security tools. While we as a security community may never completely stop or prevent these types of breaches from happening, perhaps we can make them so much more difficult and time consuming. At the end of the day, until the community says "enough is enough" this is going to continue to happen on a daily basis.