
2018 news article: Hackers steal 1.8 million fingerprint records from BigBank

Great, so now they can use those fingerprints to log into every other system that also requires my fingerprint. I guess I'll just have to change it... oh wait




They've already been stolen from the OPM hack a few years ago.


Pssh, it's not like any of those people whose biometrics are stolen are in important decision-making roles. Oh wait...


I don't think most fingerprint systems store actual fingerprints - think of it more like a hash, much like secure password storage. Stealing the data doesn't let you authenticate to other systems.


They store "minutiae" (sort of like keypoints) of the scanned fingerprints. As far as I know, there are no known methods of reliably hashing fingerprint/iris data.

The problem is the scanner/input-device. Unlike a password, the "input" is not always constant in what it gives you. So the resulting "hashed" value is not something you can "hit" again in order to do matching.
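Added example, not part of the comment above: a toy Python comparison of an exact password-style hash and a tolerance-based minutiae match over two scans of the same finger. The minutiae values, tolerances, threshold and function names are constructed for illustration, and the scans are assumed to be already aligned.

```python
import hashlib
import math

# Constructed sample data: each minutia is (x, y, ridge_angle_degrees).
ENROLLED = [(52, 110, 30), (87, 64, 135), (120, 140, 270), (33, 45, 90), (150, 88, 200)]
# Second scan of the same finger: small sensor jitter, one minutia missed.
RESCAN = [(53, 109, 32), (86, 65, 133), (121, 141, 268), (34, 44, 92)]
# Scan of a different finger.
OTHER = [(10, 20, 300), (140, 30, 15), (75, 150, 180), (95, 95, 60), (20, 130, 240)]


def template_hash(minutiae):
    """Password-style exact hash of the serialized template."""
    data = ";".join(f"{x},{y},{a}" for x, y, a in sorted(minutiae)).encode()
    return hashlib.sha256(data).hexdigest()


def match_score(probe, reference, dist_tol=4.0, angle_tol=10):
    """Fraction of reference minutiae that have a probe minutia within tolerance."""
    unused = list(probe)
    hits = 0
    for rx, ry, ra in reference:
        for p in unused:
            px, py, pa = p
            d_angle = abs(pa - ra) % 360
            d_angle = min(d_angle, 360 - d_angle)  # wrap-around angle distance
            if math.hypot(px - rx, py - ry) <= dist_tol and d_angle <= angle_tol:
                hits += 1
                unused.remove(p)  # each probe minutia may pair only once
                break
    return hits / len(reference)


def accepts(probe, reference, threshold=0.6):
    """Accept when enough reference minutiae are matched (threshold is assumed)."""
    return match_score(probe, reference) >= threshold


if __name__ == "__main__":
    print("hashes equal:", template_hash(ENROLLED) == template_hash(RESCAN))
    print("same finger score:", match_score(RESCAN, ENROLLED))
    print("other finger score:", match_score(OTHER, ENROLLED))
```

The matcher needs the reference minutiae in a comparable form to compute a score, whereas the exact hash changes completely under one unit of jitter.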


Some fingerprint drivers (like DigitalPersona) allow you to change a preset value that acts as a "salt" for the minutiae.

Obviously this salt must be shared among all installations of the driver for the results to be consistent.

However the end result is that you are not storing raw minutiae but its salted variant.


So question,

Why not do 2 factor authentication and require fingerprint + temperature sensor (has to be the right heat signature)?

I guess answer is hardware isn't built that way yet, but I don't see why we can't get enough trust mechanisms that it has to be a real finger.



