WHEN HACKERS STEAL your password, you change it. When hackers steal your fingerprints, they’ve got an unchangeable credential that lets them spoof your identity for life. When they steal 5.6 million of those irrevocable biometric identifiers from U.S. federal employees—many with secret clearances—well, that’s very bad.

Source: OPM Now Admits 5.6m Feds’ Fingerprints Were Stolen By Hackers | WIRED

While I agree that this is not good, I wonder how much we conflate the theft of a fingerprint (for example) vs. a representation of a fingerprint.

In some cases, depending on the way the sample is taken, they could be close enough to be the same. I’m imagining some in-depth 3D capture or something.

But aren’t there many cases where the software that captures the bio marker does so in a unique way that doesn’t give you the ability to essentially have the finger, or eye, or whatever?

In other words, when these federal prints were stolen, or iris data is stolen from some other company/technology, will that always equate to compromise of the finger or eye?

And if not, then how much of a gap is there? And how often is there such a gap?