The Newest Federal Breach

It was announced on Thursday, June 4, 2015 that a massive breach at OPM compromised personal information from 4 million current and former federal employees.  CNN reported that this may be the largest breach ever.  Details about how the breach occurred, whose personal information was compromised and what information was retrieved is not known yet.  The only thing we know for sure is that individuals whose personal information was compromised will receive a letter or email message between June 8 and June 19.

As a federal employee I hope this is your first experience as a potential victim of a cyber-breach.  Based on information shared with me from victims of other breaches (IRS, Home Depot, Target and Blue Cross Blue Shield etc) there are a few things you need to know:

1. If you receive a letter saying that your personal information was compromised take immediate action to request credit monitoring from CSID.  Do not wait!  Complete all steps so that you can take full advantage of all remedies available to you.
2. Place a fraud alert at the credit bureaus (Experian, TransUnion or Equifax).  An Initial Fraud alert on your credit file lets creditors know that you believe you may have been a victim of fraud or are at risk of being a victim.  The alert is FREE and lasts 90 days.  The fraud alert requires creditors to check with you before opening a credit account in your name, increasing the credit limit on an existing account, or issuing a new card on an existing account.  You only need to contact one credit bureau.  The bureaus automatically transmit a request to the other two bureaus on your behalf. 
3. Be suspicious of email messages, telephone calls, or other communications requesting account information.  Do not follow links in email messages that ask for a username, password, credit card or social security number.  Call the organization using a trusted phone number.
4. Check your credit report regularly.   The Fair Credit Reporting Act (FCRA) requires each of the nationwide credit reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months.
5. Consider all the ways someone might use your personal information to access other systems.  Your personal information could be used to file a fraudulent tax return or to get medical treatment.

It is mind boggling to consider all the ways this breach might have happened and it’s too early to point fingers.  The truth is there are many vectors used in a successful breach including people, places and things.  Please follow polices and best practices to prevent contributions to this or future breaches.

Keep your head up and be alert to potential scams. 

The agencies that were impacted by the breach should be talking to their employees to ensure they are following polices and best practices.  This breach won't be the last one, so the smartest thing to use it as an opportunity to emphasize the importance of IT Security.