OPM Announces Second Major Security Breach
Millions More Could Be Affected
June 22, 2015
The recent announcement by the Office of Personnel Management (OPM) of a second major breach of data on “current and former employees of the federal government whose records OPM manages” could affect many APWU members, said Retirees Department Director Judy Beard.
“OPM manages the records of postal retirees, as well as the records of current and former members of the military, so this could mean you,” she said.
OPM has confirmed that approximately 4 million active, retired and former federal employees were affected by the first breach, which was discovered in April and announced to the public on June 4.
The agency has not yet estimated the impact of the second breach, which was discovered in May. The second cyber intrusion exposed information contained in background checks (including the highly sensitive SF-86 forms) of “current, former and prospective federal employees and those for whom a federal background investigation was conducted.”
Not Encrypted, Not Notified
At a hearing before the House Oversight and Government Reform Committee on June 16, OPM Director Katherine Archuleta confirmed that Social Security numbers in OPM’s computer systems remain unencrypted. “This makes all of those affected by the breach vulnerable to credit fraud,” Beard said.
OPM also confirmed in a June 18 update to its website that notification to those affected by the breach were not completed by June 19, the date initially announced by the agency.
APWU President Mark Dimondstein has requested a meeting with OPM to ascertain the number of current and former members who were affected by the breaches and to ensure that the agency is taking appropriate steps to mitigate the intrusion. “The APWU is fully committed to protecting the privacy of APWU members, both active and retired,” he said.
Credit Monitoring
Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and Trans Union – Beard pointed out. “We recommend that you don’t wait for a notification from OPM to examine your credit history. You may order a report from each bureau all at once, however we recommend that you stagger your order – request a report from each credit monitoring company at a different time,” she said. "Receiving reports periodically throughout the year may give you more comfort of knowing what’s going on with your credit history."
You can request your credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
If you have received a notice from OPM and are concerned about your credit history, you may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion at 1-800-680-7289 to place this alert. TransUnion will then notify the other two credit bureaus on your behalf.
“For those who received notification from OPM, we urge you to follow their instructions by enrolling in the CSID Protector Plus program offered,” Beard said.