It was a month ago that I first reported to you about the hacking of the federal Office of Personnel Management (OPM) in which personal information on anywhere between 4 million and 14 million people was compromised. The large discrepancy in the number of people who may have been affected by the hacking is due to the fact that although files on 4 million people were accessed, there was information on many millions more within those files. The risk of identity theft is quite high for those affected by the data breach. Meanwhile, as they always do, other scammers are taking advantage of people’s legitimate concern about their risk of identity theft and sending out emails that purport to be from the Office of Personnel Management appearing to offer help when all they really are doing is phishing for personal information that can be used to make the targeted person a victim of identity theft. OPM has hired CSID, a company that provides identity theft protection and fraud resolution services and is offering 18 months of free credit report access, credit monitoring, identity theft insurance and recovery services to those people affected by the data breach. However, be very skeptical of emails that appear to come from CSID offering assistance, but asking for information. CSID’s URL for this purpose is opm.csid.com. Be particularly wary if you receive an email purporting to be from CSID that is not from that address. In fact, it is a good idea not to trust any email that asks for personal information without confirming first that it is legitimate.
First, if you are one of the millions of people affected by this data breach, I suggest that you go to the OPM’s website for the latest announcements as to the status of the data breach and what you can and should do to protect yourself. Here is a link to the OPM’s page with the latest information: http://www.opm.gov/news/latest-news/announcements/
Also, if you are affected by the data breach, here is a link to CSID’s website where you can safely enroll for services: https://www.csid.com/opm/
As for all of us, a good lesson to avoid becoming a victim of phishing that leads to identity theft, never click on links in emails or text messages or provide information requested in an email or a text message unless you have absolutely confirmed that it is a legitimate. It is easy to send a phony email that looks quite legitimate.