Hackers who stole personnel data on millions of U.S. federal employees got away with more fingerprint images than originally thought, according to the government agency hit by the massive cyber attack.
In a statement Wednesday, the Office of Personnel Management said further investigation revealed that 5.6 million fingerprint records were stolen in the attack, or more than five times as many as first thought.
The attack, first discovered earlier this year, affected nearly 22 million current and former federal workers, job applicants, and their families.
U.S. investigators have told reporters privately they believe the Chinese government is responsible for the breach, but officials have not yet made this accusation publicly.
President Barack Obama is expected to prominently raise the issue of cyber attacks when he meets Chinese President Xi Jinping at the White House for a state visit later this week.
The Obama administration says cyber attacks, particularly Beijing's alleged theft of commercial secrets, have become a major irritant to U.S.-China ties.
However, White House officials have been more reluctant to bring up the OPM attack, which is seen as a more classic case of government espionage.
If the Chinese government did carry out the breach, it is not clear how exactly it intends to use the federal worker data. U.S. officials say they have no evidence the information has been abused so far.
Federal experts also believe that, "as of now, the ability to misuse fingerprint data is limited," according to the OPM statement. "However, this probability could change over time as technology evolves," it said.
The OPM says an interagency working group, including the FBI, Department of Defense, and Department of Homeland Security, has been set up to "review the potential ways adversaries could misuse fingerprint data now and in the future."
The revelation could particularly put at risk any U.S. intelligence officers or contractors working covertly overseas whose prints have been taken.
The U.S. has blamed China for a series of high-profile cyber attacks on U.S. government and business entities in recent years. China has strongly denied all the allegations.
