The U.S. Office of Personnel Management (OPM) is notifying approximately 4 million people whose personal information may have been compromised in a cyber-security incident, OPM announced June 4.
"Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks," reads an OPM news release published June 4. "As a result, in April, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls."
The office is currently working with the U.S. Department of Homeland Security and the Federal Bureau of Investigation to determine how the breach will impact federal employees. According to the release, OPM has implemented "additional security measures" to protect sensitive information.
"Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM," said OPM Director Katherine Archuleta in a statement. "We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted."
From June 8-19, the office will notify via email those people whose information could have been compromised in the breach through email. Notifications will come from opmcio@csid.com and will contain information about credit monitoring and identity theft protection services being made available to federal employees affected by the incident, according to the release. Those individuals without an email address on file at OPM will receive a letter via the U.S. Postal Service.
"OPM is offering affected individuals credit-monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution," reads the release. "This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM."
More information about the incident can be obtained at www.csid.com/opm, and by calling toll-free 844-222-2743. International callers can call collect at 512-327-0700.
********************
OPM has detailed steps for monitoring your identity and financial information
• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus - Equifax�, Experian�, and TransUnion� - for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
• Review resources provided on the FTC identity theft website, www.identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion� at 1-800-680-7289 to place this alert. TransUnion� will then notify the other two credit bureaus on your behalf.
Precautions to help avoid becoming a victim
• Be suspicious of unsolicited phone calls, visits or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website's security (for more information, see Protecting Your Privacy, www.us-cert.gov/ncas/tips/ST04-013).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (www.antiphishing.org).
• Install and maintain anti-virus software, firewalls and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, www.us-cert.gov/ncas/tips/ST04-007).
• Take advantage of any anti-phishing features offered by your email client and web browser.
• Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center at www.ic3.gov.
• Additional information about preventative steps is available by consulting the Federal Trade Commission's website, www.identitytheft.gov. The FTC also encourages those who discover that their information has been misused to file a complaint with the commission using the contact information listed below.
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.identitytheft.gov
1-877-IDTHEFT (438-4338)
TDD: 1-202-326-2502
Social Sharing