Cyber Security Incidents
In recent months, the federal Office of Personnel Management (OPM) discovered multiple cyber security incidents that have impacted the data of federal government employees, contractors, and others.
The first incident, in April of 2015, involved a cyber intrusion that compromised personnel records of current and former federal employees. Since this announcement, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to federal personnel. According to OPM, it has immediately implemented additional security measures to protect employees’ sensitive information.
While investigating this initial incident, OPM discovered in June that additional information had been compromised: including background investigation records of current, former, and prospective federal employees and contractors.
I am deeply outraged by these security breaches. Our public servants deserve to have confidence that their personal information is being protected. They also deserve accountability from those entrusted with protecting that information, and I welcomed OPM Director Archuleta's resignation. Those who have been impacted deserve to have timely and accurate information about OPM’s actions to protect them against fraud and theft of personal and financial information. Below, you'll find information regarding these incidents and the resources available to those who have been affected. In addition, OPM is consistently updating its website to answer Frequently Asked Questions: www.opm.gov/cybersecurity/
Please don't hesitate to let me know how I can be of assistance to you or your family.
Frequently Asked Questions (per OPM):
How and when will you be notified if your information was compromised?
Stafford: (540) 659-2734
OPM is sending notification letters to people whose Social Security Number appeared on files impacted by the background investigation records incident. These individuals include current, former, and prospective Federal employees and contractors and their spouses or co-habitants that are listed on background investigation forms. Each of these individuals will be personally contacted by mail to inform them of the breach and the type of information that was potentially exposed. The communication will include an offer of credit monitoring and identity theft assistance at no charge for at least three years. Some individuals may also receive additional contact via email where appropriate. To the extent that emails are used for notifications, the communication will come from a Federal government email address, to alleviate confusion about the source of the notification and to address concerns that it may be illegitimate or a spear-phishing attempt.
For the earlier personnel data incident, OPM has sent notifications to individuals to ensure that they are provided with the appropriate support and tools to protect their personal information.
What resources are available to you to protect your identity? Your spouse's?
For the affected background investigation applicants, spouses or co-habitants with Social Security Numbers and other sensitive information that was stolen from OPM databases, OPM and the Department of Defense (DOD) will work with a private-sector firm specializing in credit and identity theft monitoring to provide services such as:
- Full service identity restoration support and victim recovery assistance
- Identity theft insurance
- Identity monitoring for minor children
- Continuous credit monitoring
- Fraud monitoring services beyond credit files
The protections in this suite of services are tailored to address potential risks created by this particular incident, and will be provided for a period of at least 3 years, at no charge.
For those affected by the personnel data incident in April, OPM has sent notifications to provide you with the information for how to access identity protection and insurance services. These services include 18 months of credit monitoring membership, free credit report access, identity theft insurance, and identity restoration. Regardless of whether or not you explicitly take action to enroll in the credit monitoring services, you will have access to identity theft insurance and access to full-service identity restoration provided. For more information on how to personally monitor your identity and sensitive information, or to learn if you are eligible for comprehensive credit and non-credit identity protection, please visit OPM’s web site: www.opm.gov/cybersecurity/
Additional information is available on CSID's website, and by calling toll-free 844-777-2743. International callers can call collect at (512) 327-0705.
In September, OPM and the U.S. Department of Defense (DoD) announced a contract with Identity Theft Guard Solutions LLC, known as “ID Experts,” for three years of identity theft protection services for the 21.5 million individuals whose personal information was compromised. These services will be provided at no cost to the victims. For more information on how to monitor your identity and sensitive information or to learn if you are eligible for comprehensive credit and non-credit identity protection, please visit OPM’s web site.
What to do if you are concerned about identity theft:
If you are concerned about identity theft, please visit the FTC's website to learn about setting up protections.
Visit here to learn how to:
- Spot warning signs of identity theft
- Get a free credit report
- Set up fraud alerts on your accounts
- Protect your children/minors from identity theft
OPM: Information about the Cybersecurity Incidents
OPM: Frequently Asked Questions about Cybersecurity Incidents
Email OPM directly with further questions: firstname.lastname@example.org
In addition, please call any of my offices with questions you may have. My phone numbers are listed below:
Tappahannock: (804) 443-0668
Yorktown: (757) 874-6687
Washington: (202) 225-4261
Press Release: Wittman Statement on Resignation of OPM Director
Press Release: Wittman Statement on Federal Personnel Data Breach