NTEU received updated information from the Office of Personnel Management (OPM) regarding the recent background investigations breach affecting approximately 21.5 million individuals.
OPM informed us that a DOD-run verification center is now available for any individual who has not received a notification letter but thinks they should have. This center can also assist any individual who did receive a notification letter but lost their assigned PIN number. The center can be accessed online via OPM’s cybersecurity site at https://www.opm.gov/cybersecurity or by calling 1-866-408-4555 (Mon-Fri 9am-9pm EST).
First announced on June 10, this massive breach involved the theft of Standard Forms 85, 85P, and 86 that were filled out by federal job applicants, employees, military personnel, and contractors, starting in 2000. Out of the 21.5 million individuals, 19.7 million are individuals that applied for a background investigation, and 1.8 million are primarily spouses or adult cohabitants of the applicants. The latest information from OPM also indicates that approximately 5.6 million of these individuals had fingerprint data stolen as part of this cyber incident. The U.S. Government will be providing credit monitoring and identity theft services to these 21.5 million compromised individuals, who had a Social Security number stolen, for a period of three years. As a reminder, affected individuals’ dependent minor children under the age of 18 as of July 1, 2015 (living in the household), will also be provided with these services, even if their information was not part of the cyber incident.
The Department of Defense (DOD) is responsible for mailing all of the individual notifications through the U.S. mail. Individual notification letters are currently being mailed out, and will continue to be put into the mail through the second week of December. OPM indicates that as of December 1st, 17.5 million out of the total 21.5 million notifications have been placed in the mail. Please note that the letters will list OPM (not DOD) in the return address (OPM Notifications) and the letter is signed by Acting OPM Director Beth F. Cobert. Templates of the letters being mailed are available on OPM’s web site at: https://www.opm.gov/cybersecurity.
OPM advises that individuals should wait until mid-December before contacting the verification center as approximately 4 million notification letters will be placed into the mail through the end of the second week of December. This center will remain operational through the end of December 2018. Individuals who contact the center and who were indeed compromised by the breach will receive a mailed notification letter with PIN code and directions. For individuals whose data was not compromised, they will receive a letter confirming they were not impacted. OPM advises that these mailed letter will arrive 2–4 weeks after the individual contacts the center.
As a reminder, in general, mailed notification letters include a 25-digit PIN number which will be required to enroll in the three years (until December 31, 2018) of credit and identity monitoring that is being provided by ID Experts, the chosen contractor. Affected individuals are automatically covered by the ID restoration services and identity theft insurance, and do not need to enroll for these specific items. Once affected individuals receive their notification letters with assigned PIN numbers, they are to go to the ID Expert contractor web site at https://opm.myidcare.com/validate/ in order to enroll in the credit and identity monitoring services. Individuals can also access this site via OPM’s web site at https://www.opm.gov/cybersecurity. The letters also contain a toll-free number for ID Experts (1-800-750-3004) that individuals can contact for enrollment purposes and to ask questions.
OPM advises us that if a recipient encounters problems when entering the assigned 25- digit PIN on the web site, the individual should first be aware that the PIN number must also be used in conjunction with the last four digits of their Social Security number. Also, the 25-digit PIN is solely composed of numbers, and not any letters. OPM recommends that an individual attempt to re-enter their PIN a second time if they encounter any issues. However, if the person is still not able to get it to work for whatever reason, they should contact ID Experts directly using the toll-free number (1-800-750-3004). After three failed attempts to enter a PIN through the automated phone system at this number, an individual will be transferred to a live agent for assistance.
OPM has also informed us that if an individual has placed a credit freeze (or security freeze) on their credit report, they will not be able to complete the account creation process to enroll for the credit monitoring services through ID Experts until the freeze has been lifted. The FTC provides additional information on credit freezes at
NTEU reminds you that no calls will be made to notify affected individuals, nor will anyone personally reach out and ask for any information during this process. Should you receive a call purporting to be someone regarding this data breach, do not give them any information. Again, all available information regarding this incident and the response can be found on OPM’s web site at https://www.opm.gov/cybersecurity.
Please be sure to report any problems that you or our members encounter with the notification and enrollment process to NTEU, as you did with the other OPM personnel records breach. NTEU is advocating for lifetime credit protection for all affected individuals on Capitol Hill, and we strongly support Senator Cardin’s (D-MD) and Representative Eleanor Holmes Norton’s (D-DC) RECOVER Act that would provide compromised individuals with lifetime credit monitoring and identity theft protection (H.R. 3029 in the House/S.1746 in the Senate).
Please visit www.nteu.org for more information. Likewise, NTEU continues its work on the lawsuit we filed to provide lifetime credit monitoring and identity theft protection for our members and to ensure the U.S. Government does not allow this to happen ever again.