“Cybersecurity Resource Center Information About Personnel Data Incident
Information Regarding Forthcoming Service Provider Change
OPM is announcing a change to the credit monitoring and identity protection service provider that will affect a subset of individuals impacted by the personnel records cyber incident announced in the summer of 2015. Most impacted individuals will not experience any change to their current coverage, and do not need to take any action, but a subset of individuals will need to re-enroll to continue coverage.
 What Is Changing?
o OPM currently uses two different companies to provide credit monitoring and identity protection services free of charge to impacted individuals. Winvale/CSID covers the 4.2 million individuals impacted by the personnel records cyber incident and ID Experts (MyIDCare) covers the 21.5 million individuals impacted by the background investigations cyber incident. As of December 1, coverage under Winvale/CSID will expire.
As of December 2, 2016 all individuals impacted by either incident will be eligible for coverage through ID Experts (MyIDCare).
Individuals currently covered by ID Experts (MyIDCare) will not experience a change in their coverage or service at this time and do not need to take any action.
Starting December 1, individuals previously covered by Winvale/CSID will be offered services through IDExperts (MyIDCare). Impacted individuals will also still be automatically covered by identity restoration and identity theft insurance, but you will need to re-enroll with ID Experts (MyIDCare) if you would like to continue to receive monitoring services. More information about how to re-enroll is below.
This change is part of OPM’s continuing efforts to provide all impacted individuals with 10 years of service. We will continue to update this website with more information regarding credit monitoring and identity protection services as it becomes available.
 Does This Change Affect Me?
o I am currently covered by ID Experts (MyIDCare). If you were impacted by the background investigation records cyber incident, you were offered the opportunity to enroll in identity protection services with ID
Experts (MyIDCare). Enrollment notifications for this incident were sent by U.S. Postal Service from OPM, most of which were mailed in the fall of 2015. View samples of the letter that you may have received. If you are already enrolled with ID Experts, your coverage from ID Experts will continue and no action is needed at this time.
I am currently covered by Winvale/CSID. If you were impacted by the personnel records cyber incident, you were offered the opportunity to enroll in identity protection services with Winvale/CSID. Enrollment notifications for this incident were sent by email and U.S. Postal Service in June 2015. If you enrolled with Winvale/CSID, you likely have received or will soon receive a notification informing you that your Winvale/CSID coverage is expiring on December 1, 2016. You will need to re-enroll with IDExperts (MyIDCare) if you would like to continue receiving free monitoring services beyond December 1. See below for more information regarding how to re-enroll.
I do not recall which provider I am covered by or want to verify if I am impacted. If you cannot recall which letter(s) you received or you want to verify whether you were impacted by either incident, you can go to the Verification Center. Due to privacy and security reasons, the Verification Center cannot confirm whether you were impacted or provide you with the 25-digit PIN code you need to enroll. You must enter your personal information into the Verification Center website, and OPM will mail you a letter by U.S. Postal Service that will provide you with enrollment information and a 25-digit PIN code if you were impacted. Verification Center call center agents can assist you if you need help entering your information into the system.
View general information about the OPM cyber incidents and the populations impacted.
 How Do I Re-Enroll With ID Experts (MyIDCare) If My Winvale/CSID Services Are Expiring?
o Most of the individuals covered by Winvale/CSID were also impacted by the background investigation records cyber incident. These individuals should already have received a letter from OPM inviting them to enroll in services with ID Experts (MyIDCare) and providing them with a 25-digit PIN code.
 If you previously received a notification letter in connection with the background investigation records incident and wish to enroll with ID Experts (MyIDCare) now, you will need to use the 25-digit PIN code provided in this letter. Click here if you have your 25-digit PIN code and wish to enroll now.
 If you believe you previously received a notification letter in connection with the background investigation records incident, but
no longer have your original notice, you can visit the Verification Center to obtain a duplicate copy by U.S. Postal Service.
 If you are in the subset of individuals who were not impacted by the background investigations incident, you will be receiving a new notification letter from OPM via the U.S. Postal service with a 25-digit PIN that you can use to enroll with ID Experts (MyIDCare). We expect to mail the majority of these notifications in November 2016.
Please note that ID Experts cannot enroll you without the 25-digit PIN code and cannot provide you with a PIN code over the phone.
Frequently Asked Questions
 How do I know which incident(s) I was impacted by, or where I am eligible to receive coverage?
o If you were impacted by the personnel records incident, you should have received a notification via email or U.S. Postal Service in June 2015 from Winvale/CSID inviting you to enroll in credit monitoring and identity protection services. If you were impacted by the background investigation records incident, you should have received a notification letter via U.S. Postal Service from OPM, most of which were mailed in the fall of 2015, inviting you to enroll with ID Experts (MyIDCare). View samples of the letter that you may have received. Approximately 97% of individuals impacted by the OPM cyber security incidents were impacted by the background investigation records incident. Because there was some overlap in the two populations, you may have previously been eligible to receive coverage from both companies.
If you cannot recall which notification(s) you received, need to obtain a duplicate copy, or want to verify whether you were impacted, you can go to the Verification Center.
 When will I stop receiving credit monitoring services from Winvale/CSID?
o Credit monitoring and identity protection services from Winvale/CSID expire on December 1, 2016. Once services with Winvale/CSID expire, you will no longer have access to information in your Winvale/CSID account. If you wish to review or print your credit reports or other monitoring information from your Winvale/CSID account, please log in to your account prior to December 1.
 Will Winvale/CSID start charging me automatically for their services after December 1 unless I take some action to stop it?
o No. Winvale/CSID is not permitted to automatically start billing you for their services without your consent. At the end of your coverage on
December 1, your services simply expire. You are eligible to re-enroll with ID Experts (MyIDCare) at no cost to you.
 What if I have an open identity theft restoration case or pending insurance claim with Winvale/CSID?
o Winvale/CSID will process to completion all identity theft restoration cases and identity theft insurance claims that are received on or before December 1, 2016, even if this work extends beyond December 1. Therefore, no open restoration case or identity theft insurance claims will be transitioned, and you will not have to start over with ID Experts to resolve your open case or claim. To contact Winvale/CSID regarding a pending identity theft restoration case or insurance claim, please contact your case manager at the phone number provided on your case documentation.
 Do I have to pay if I want to continue receiving identity protection services?
o No. Everyone currently receiving services from Winvale/CSID in connection with the OPM cyber incidents is eligible to continue receiving identity protection services from ID Experts (MyIDCare) at no cost to you.
 Will I be receiving a new notification letter with a new enrollment PIN code?
o Most of the individuals receiving credit monitoring services from Winvale/CSID were also impacted by the background investigation records incident. Therefore, these individuals are already eligible to receive government-sponsored coverage from ID Experts (MyIDCare). If you were impacted by the background investigation records incident, you should have already received your notification letter and 25-digit PIN code to allow you to enroll with ID Experts. A copy of your notification letter may be obtained from the Verification Center if you have lost your original letter. Individuals who were already notified that they were eligible for services from ID Experts will not receive a new notification letter or 25-digit enrollment PIN code at this time, unless they request a duplicate copy from the Verification Center.
If you are one of the 3% of individuals who were impacted by the personnel records incident but not impacted by the background investigation records incident, you will be receiving a new notification letter and 25-digit enrollment PIN code to permit you to enroll with ID Experts. We expect that most of these letters will be mailed in November 2016. OPM will post a copy of the mailed notification letter on this website to assist you in verifying the authenticity of the letter once the mailing effort has begun.
 Do I need a PIN code to enroll in credit and identity monitoring services or to file a new identity theft restoration or insurance claim?
o Yes. The 25-digit PIN code in conjunction with the last four digits of your Social Security number is needed to validate an impacted individual’s eligibility to receive government-provided identity protection services. ID Experts (MyIDCare) cannot verify your eligibility or enroll you without a 25-digit PIN code. If you believe you are eligible for services, but do not have your PIN code, please contact the Verification Center to request a copy of your notification letter with PIN code prior to attempting to enroll.
 Can someone tell me whether I was impacted, or provide me my PIN code over the phone?
o No. The Verification Center can confirm whether you were impacted and mail you a copy of your enrollment letter, but it must first check your name, address, Social Security number, and date of birth against the government’s database to determine whether your Social Security number was included in the OPM cyber intrusions. Due to privacy and security reasons, call center agents do not have access to the database and cannot share information over the phone. Call center agents assist individuals who need help entering their personal information into the system. After submitting your information, you should receive a response letter in approximately two to four weeks through the U.S. Postal Service, which will include your 25-digit enrollment PIN code if you were impacted. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.
ID Experts (MyIDCare) cannot tell you whether you were impacted or provide you with a PIN code. If you do not have your original notification letter, the only way to verify whether you were impacted by the OPM cyber incidents and obtain the PIN code that is necessary to enroll is by visiting the Verification Center.
 Why do I have to sign up again? Why couldn’t you just move my account to ID Experts (MyIDCare)?
o All individuals whose data were impacted during the OPM cyber incidents are covered by identity theft restoration and identity theft insurance, regardless of whether they have enrolled in credit and identity monitoring services. OPM has taken steps to ensure that there is no gap in this coverage during the transition to a new service provider.
If you previously enrolled in identity and credit monitoring services with Winvale/CSID and wish to continue receiving these services from ID Experts (MyIDCare) at no expense to you, you will need to re-enroll. Any individual who enrolls in monitoring services typically provide the service provider with some of their most sensitive data, including his/her Social Security number, driver’s license, credit card numbers, and bank account numbers. Having you re-enroll with the new provider helps protect your
privacy and security by allowing you to “opt in” to having your data held by a new service provider.
 Does this fulfill OPM’s responsibility to provide coverage for 10 years? Will I ever have to change service providers again?
o This change is the first step in OPM’s efforts to extend services to all impacted individuals to 10 years. We will continue to update this website with more information regarding credit monitoring and identity protection services as it becomes available.”