Federal Workers Will Get Letter Notifying Them of Data Hack

 

Federal workers whose identities were stolen in a massive data breach will soon receive an official notice in the mail informing them of what was stolen and what steps they can take to protect their identity.

According to a blog posted on the U.S. Office of Personnel Management’s website, OPM has already begun sending these letters to affected former and current federal workers.

“Yesterday, we began mailing notification letters to the individuals whose personal information was stolen in a malicious cyber intrusion carried out against the federal government,” according to the blog published October 1.

The agency will send the notifications through the United States Postal Service — not via email.

The letters will also layout what no-cost options federal workers have at their disposal to mitigate the chance of someone fraudulently using their ID as a result of the data theft.

This includes a “comprehensive suite of identity theft protection and credit monitoring services that will be provided for at least three years … to impacted individuals and to their dependent minor children,” according to OPM.

The hacked data contained sensitive federal background check information involving an estimated 21.5 million people who have direct and indirect ties to the U.S. government, including roughly 4 million past and current federal workers.

Hypothetically, hackers have free range to do whatever they want with the data including selling it on the black market. The hackers may have obtained a wide range of sensitive personal data including Social Security numbers, job assignments, job performance ratings, training information, healthcare records, as well as answers to invasive questions on background checks.

In addition, OPM estimates that roughly 5.6 million individuals had their fingerprints stolen. For each person, the letters will point out whether or not fingerprints were stolen during the breach.

“While federal experts believe that, as of now, the ability to misuse fingerprint data is limited, an interagency working group with expertise in this area will review the potential ways adversaries could misuse fingerprint data now, and in the future,” according to OPM. “This group will also seek to develop potential ways to prevent such misuse. If in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”

It is not clear how long it will take affected individuals to receive the notification letter. What is clear is that the long and tedious process — no doubt for both affected individuals and OPM — “could take considerable time to deliver them all,” the agency stated.

 OPM also created a website to help affected individuals navigate this complex issue. The link is: www.opm.gov/cybersecurity