The U.S. Office of Personnel Management has identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information.
Within the last year, the office has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. In April the office detected a cyber-intrusion affecting its information technology systems and data. The intrusion predated the adoption of the tougher security controls.
OPM has partnered with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team and the Federal Bureau of Investigation to determine the full impact to Federal personnel. The office continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible. Since the intrusion, the office has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
As a result of the incident, the office will send notifications to approximately 4 million individuals whose information may have been compromised. Since the investigation is on-going, additional information exposures may come to light; in that case, the office will conduct additional notifications as necessary. In order to mitigate the risk of fraud and identity theft, the office is offering credit report access, credit monitoring and identify theft insurance and recovery services to potentially affected individuals through CSID, a company that specializes in these services. This comprehensive, 18-month membership includes credit monitoring and $1 million in identity theft protection services at no cost to enrollees.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
OPM has issued the following guidance to affected individuals:
Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and TransUnion – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission website, www.ftc.gov.
Review resources provided on the FTC identity theft website, www.identitytheft.gov.
The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
You may place a fraud alert on your credit file to let creditors know to contact you before
opening a new account in your name. Call TransUnion at 1-800-680-7289.