As you all know by now and as I first reported to you in 2014 and again last summer, the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  In October, the OPM began notifying victims of the massive data breach about the identity theft protection services the government will make available to them for the next three years.  The notification process is taking about three months with many notification letters only recently having been sent.  I have been contacted by clients of mine inquiring as to whether the notices they received are real.   It is important to remember that the official notice is only being sent by regular mail.  No email notices will be sent so if you get an email that purports to be from the OPM, it is a scam.   The federal government has chosen Identity Theft Guard Solutions to provide  three years of identity theft protection to victims. In the notification letter you are urged to contact the OPM’s security website to enroll in the free identity monitoring program and you are provided a PIN to use in order to enroll.

Identity thieves have been copying the letter and changing the website address where you are directed to go to enroll in the identity theft protection services, directing people to a phony website where they will be prompted to provide personal information purportedly to enroll in the program.  If you provide personal information to these scammers, you will end up a victim of identity theft.  Here is a link to the official website for enrolling in the credit monitoring services being offered by the OPM:

Once there you will be prompted to input your PIN and only the last four digits of your Social Security number.


If you were a victim of the OPM data breach, you should be on the lookout for a notification letter with information about how to apply for benefits under the program.  The OPM is only notifying people by regular mail.  If you have been notified by email, text message or telephone, the notice is a scam and you should ignore it.  Even if you receive a letter, you should make sure that the web address you go to is accurate.  For convenience, you can use the web address I have indicated above.  In any event, remember, the legitimate website will not ask for your complete Social Security number.  It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM is offering these services a year after the data breach actually occurred so the danger of identity theft has increased.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”