It appears, unfortunately, that the recent hacking of the U.S. Office of Personnel Management (OPM) affects far more people than initially assumed. Yesterday, the agency revealed that sensitive personal information, including Social Security numbers, has been compromised for the over 21.5 million people in the agency’s database.
In its forensics investigation into the attack, the OPM discovered that the incident affected the background investigation records of current, former and prospective federal employees and contractors. It appears that hackers were able to access records that include Social Security Numbers, residency and educational history, employment information, family information, financial details, health details, information about past criminal records and more. The OPM user names and passwords used by job applicants were stolen, as was fingerprint data on over 1.1 million people.
Armed with data lost by the OPM, a thief could easily bypass the standard security questions and open new lines of credit in a victim’s name. And sadly, once your data is stolen, it’s forever compromised – victims must be vigilant for the rest of their lives against opportunistic financial crimes. And given the scope of the data in the stolen files, family members of victims need to be on guard too.
As is standard in these situations, the federal government is offering at least 3 years of fraud protection services to those whose data was stolen. This includes identity restoration support, identity theft insurance, identity monitoring, continuous credit monitoring and fraud monitoring services beyond credit files. If you suspect your information has been compromised in the attack, be sure to take advantage of these free services as soon as they’re made available. In the meantime, however, keep an eye out for unusual activity on all your personal accounts and be on guard against phishing attempts that may try to use the stolen information to appear like a legitimate communication. Up-to-date security software will help. We at Techlicious like BitDefender, but most software will detect and warn you against suspected phishing attempts.
For more information on the recent OPM attack, you can visit the special Office of Personnel Management Cybersecurity Incident information page at opm.gov.