In April of this year, the U.S. Office of Personnel Management (OPM) reported that current and former government employees may have had their personal data compromised as a result of a personnel data breach allegedly conducted by Chinese hackers. While preliminary numbers showed that the number of people affected by the attack was around 4 million, a July 9 report from The New York Times said a second, related attack specifically related to the background investigation records of current, former, and prospective Federal employees and contractors could put the total number of those affected closer to 21.5 million. The breaches include significant personally identifying information such as Social Security numbers and fingerprints of many of those affected.
Millions Affected By Breach
The background investigation breach could compromise personal information for up to 19.7 million people who applied for background checks as well as 1.8 million non-applicants who are primarily spouses or co-habitants of applicants. According to the Times report, every person who has been given a government background check throughout the last 15 years may have potentially had sensitive personal information compromised by the hack.
OPM Now Facing Two Lawsuits
On July 15, a plaintiff filed a class action against the OPM, arguing that the organization failed to address vulnerabilities in its cyber security. The lawsuit alleges that since at least 2007, the OPM was aware of deficiencies in its cyber security protocol and failed to take steps to remedy these deficiencies.
This lawsuit follows on the tail of another lawsuit filed by the American Federation of Government Employees, which also alleges “material weaknesses” in the OPM’s cyber security protocol dating as far back as 2007. Additionally, there are currently measures in both the House and the Senate to require the OPM to “provide complimentary, comprehensive identity protection coverage to all individuals whose personally identifiable information was compromised during recent data breaches at Federal agencies.”
OPM Taking Steps to Notify and Protect Victims of the Data Breach
According to its official website, the OPM has already taken steps to notify individuals affected by the personnel breach. The notification process for those affected by the background investigation breach has not begun at this time. The OPM is offering 18 months of free background monitoring to every person affected by either of the breaches.
What to Do If You Think You May Have Been Impacted By the Breach
- Reach out to OPM. Because different states have different protocols in dealing with security breach reporting requirements and there is currently no federal reporting protocol, it is important to be proactive so you can take steps to protect your identity and your finances.
- If you don’t already have fraud protection measures on your account, contact your financial institutions to instate them immediately. By putting a security freeze on your accounts, you can ensure that no one can request your credit file or open a new account in your name without the ban being lifted first.
- Closing your current bank accounts and reopening new accounts can help prevent thieves from gaining access to finances.
- Take advantage of free credit reporting through annualcreditreport.com, which is authorized to release one free credit report every 12 months, under the law.
- Update all of your account passwords.
- Visit onguardonline.gov to learn how to protect your personal computer from vulnerabilities.
- If you find you are the victim of identity theft or notice any irregularities on your credit report or account statements, Identitytheft.org also offers useful information as to what steps to take to protect yourself from further complications.
Identity theft can take a serious financial and physical toll on its victims. We empathize with the plights of those who must fear the release of sensitive information and must now take all efforts to protect themselves from the theft of personal information. However, by taking the steps listed above, you can help keep your personal data out of the hands of criminals who may use it to their advantage.