The Office of Personnel Management (OPM) is the federal agency that deals with federal security clearances and federal employee records and as such contains sensitive personal information of millions of Americans who work for or have worked in the past for the federal government. Late Thursday, it was announced that hackers had managed to steal employee data on at least four million present and former federal employees. Although the data breach was announced just yesterday, the breach was first found in April and appears to have originated more than a year ago. This is the third major data breach in the last year of the federal government following successful hacks into the White House and State Department email systems and the Office of Personal Management which was hacked last summer although at that time the files stolen totaled tens of thousands rather than millions.
Last year’s hacking into the OPM’s computers was thought to be the work of Chinese hackers who appeared to be looking for information on people with top security clearances who might be the targets of further identity theft or even extortion by the Chinese government looking for classified information it could use in commerce, foreign affairs or espionage. Although it is initially been indicated by federal investigators that the latest OPM data breach was done by Chinese hackers, whether the goal is espionage or identity theft for profit is unclear at the present time. The Social Security numbers and other personal identifying information targeted in this latest hacking would generally be used for identity theft purposes, but when coupled with other personal information could also be used for extortion purposes of federal employees, some of whom are in sensitive positions or even for finding out the profiles of people who get security clearance in the United States and using that information to tailor the appearance of spies to meet those profiles.
The OPM was already in the process of making necessary security changes to prevent this type of hacking by restricting remote access of its computer networks and limiting the Internet accessibility of some information, however, these and other security measures were not fully implemented in time to thwart this massive data breach.
The advice for present and former federal employees is the same as for any victim of a similar data breach. Check your credit report for free through annualcreditreport.com to see if damage has already been done. Remember, in this data breach as with most data breaches, the damage has gone on for some time before it is discovered and made public. Put a credit freeze on your credit report so that someone with your Social Security number will not be able to access your credit report to establish credit in your name. You may also wish to change user names and passwords for your accounts and make sure that you use unique passwords for every account that you have. Monitor your bank accounts, investment accounts and credit card accounts for fraudulent use. You may wish to close accounts and open new ones for extra protection. Remember, even paranoids have enemies.