OPM Hacked: What You Need To Know and What You Can Do
Last week, the U.S. Office of Personnel Management (OPM) announced that in April they found a data breach in their system from last year. OPM manages security clearances for most government agencies, as well as managing the Federal Civil Service.
According to OPM, the breach may have compromised the personal information of four million current and former Federal Employees, dating back to 1985 (according to engadget.com and businessinsider). This is one of the largest data breaches of the U.S. Government in history.
According to Jacqueline Simon, the policy director for the American Federation of Government Employees, in a report from NPR, the information that may have been compromised could include:
“…their military records, their veteran’s status, their pay, their position, their educational records, obviously, name, address, date of birth, marital status, information on their dependents, their health insurance, their retirement, their life insurance.”
OPM has not directly identified what information may have been compromised, only describing it as “Personally Identifiable Information.” OPM CIO Donna Seymour has said (via ihealthbeat.org) the information could include what would be normally found in a personnel file, but not health care or bank account information. In short, due to conflicting reports, we are not quite certain what information has been taken, only that it has been.
That’s all the bad news. So what’s the good news?
OPM has also said, according to multiple sources, including Simon and LegalShield, that by June 19th individuals who may have been compromised will receive a notification and will be offered 18-month access to credit reports, monitoring, identity theft insurance, and recovery services.
What can you do?
Here are some additional steps you can take to be extra cautious in a time like this:
1. Be wary of any emails you receive. Since this is a sensitive event, some scammers may use this to try to get information disguised as an insurance or credit monitoring company.
2. Keep an eye on all your accounts. Make sure that you know what is going on and will notice if something happens. You don’t want to open your account for the first time in weeks and see that your money is missing. Report any account activity you see that is inconsistent with your own actions.
3. According to LegalShield, there are three national credit reporting agencies that you have the right by federal law to get fraud alerts from: Equifax, Experian, and TransUnion. You can find the phone numbers for these companies at the bottom of this article, should you want them. You can also get a free credit report from them once each year.
4. Shred financial documents and credit offers that you DON’T need.
5. If your identity is stolen, contact at least one (all three wouldn’t hurt) of the credit agencies and request a credit alert, which will have businesses alert you if any new accounts are opened in your name.
6. Call your issuer if there are any fraudulent charges and dispute them right away.
7. Report any wrongful use of your information to the FTC (Federal Trade Commission) and the FBI (through the internet crime complaint center).
8. Change your passwords. Make sure they are not based off an actual word, your name, or a sentence. Change the passwords for anything that has your personal information in it. Don’t use the same password for multiple things.
9. Keep a record of everything. Keep any emails you get and take notes on phone calls that you make.
10. It isn’t just your money. This concerns a lot of your information, so make sure to keep an eye on more than just your credit cards. Keep in contact with the SSA about your Social Security number as well.
11. NEVER put your personal information into an email, no matter who it is from.
12. Use anti-virus, firewall, and protection software as much as you can.
Keep Calm and be Careful!
This is one of the largest breaches of U.S. Government data in history. It is not clear why this was done or exactly who did it, but what is certain is that this was done on purpose, and that plenty of information has been compromised into the wrong hands. There are precautions you can take, and services available, so it is a good idea to take advantage of all of them.
Disclaimer: this is not an advertisement, but is for full disclosure and public information.