Latest OPM Data Breach Letters Being Sent
Dear Members,
NTEU has received updated information from the Office of Personnel Management (OPM) regarding the recent background investigations breach affecting approximately 21.5 million individuals.
First announced on June 10, this massive breach involved the theft of Standard Forms 85, 85P, and 86 that are filled out by federal job applicants, employees, military personnel, and contractors, as well as other background materials and records. Out of the 21.5 million individuals, 19.7 million are individuals that applied for a background investigation, and 1.8 million are primarily spouses or adult cohabitants of the applicants. The latest information from OPM also indicates that approximately 5.6 million of these individuals had fingerprint data stolen as part of this cyber incident. The U.S. government will be providing credit monitoring and identity theft services to these 21.5 million compromised individuals, who had a Social Security number stolen, for a period of three years. As a reminder, affected individuals’ dependent minor children under the age of 18 as of July 1, 2015 (living in the household), will also be provided with these services, even if their information was not part of the cyber incident.
The Department of Defense (DOD) is responsible for mailing all of the individual notifications through the U.S. mail. Individual notification letters began to be mailed out on October 1st, and will continue for a period of 12 weeks. Please note that the letters will list OPM (not DOD) in the return address, and the letter is signed by Acting OPM Director Beth F. Cobert. OPM has now provided NTEU with a template of the letters being mailed:
If the U.S. Government’s records indicate an individual was compromised, including their fingerprint data, this is the letter that is being mailed: https://www.opm.gov/cybersecurity/fingerprint-letter.pdf.
If the U.S. Government’s records indicate an individual was compromised, but no fingerprint data was stolen, this is the letter being mailed: https://www.opm.gov/cybersecurity/sample-letter.pdf.
Please note the mailed notification letters include a PIN number which will be required to enroll in the three years (until December 31, 2018) of credit and identity monitoring that is being provided by ID Experts, the chosen contractor. Affected individuals are automatically covered by the ID restoration services and identity theft insurance, and do not need to enroll for these items. Once affected individuals receive their notification letters with assigned PIN numbers, they are to go to the ID Expert contractor web site at https://opm.myidcare.com/validate/ in order to enroll in the credit and identity monitoring services. Individuals can also access this site via OPM’s web site at https://www.opm.gov/cybersecurity. The letters also contain a toll-free number for ID Experts (1-800-750-3004) that individuals can contact for enrollment purposes and to ask questions.
NTEU would also like to remind all of our members that no calls will be made to notify affected individuals, nor will anyone personally reach out and ask for any information during this process. Again, all available information regarding this incident and the response can be found on OPM’s web site at https://www.opm.gov/cybersecurity.
OPM has indicated that a federal interagency working group is continuing to analyze and focus on the impact of the stolen fingerprint data, and may consider offering these individuals additional coverage.
OPM has indicated that in general the theft involved SF 85, 85P, and 86 forms submitted for federal background investigations and re-investigations conducted since 2000. Once the 12-week notification period occurs, DOD will be establishing a separate call center for any individual who did not receive a notification letter but thinks they should have. Once this call-in number and further details are available, NTEU will provide this information. In the meantime, these individuals can also visit OPM’s Cyber Resources Center on their web site at https://www.opm.gov/cybersecurity. Additionally, individuals can register for future updates by joining an e-mail listserv on this site at https://www.opm.gov/cybersecurity/stay-informed/#listserv.
NTEU considers the current time limits for the credit and identity protections insufficient. We continue to advocate with the administration and on Capitol Hill for lifetime credit protection for all affected individuals, and strongly support Senator Cardin’s (D-MD) and Representative Eleanor Holmes Norton’s (D-DC) RECOVER Act that would provide lifetime credit monitoring and identity theft protection (H.R. 3029 in the House/S.1746 in the Senate). Additionally, NTEU continues its efforts on the lawsuit we filed to provide lifetime credit monitoring and identity theft protection for our members and to ensure the U.S. Government does not allow this to happen again.
As individuals receive their personal notifications, do be sure to report any problems encountered with the notification and enrollment process. Please visit www.nteu.org for more information on this important issue.
Diane Lynne
President, NTEU 280
202 566 2786