Many of you dropped notes to us that the Chinese hacked into the Office of Personnel Management’s computer system, stealing information on more than 4 million Federal employees and retirees. According to the Washington Post;
The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months.Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyberespionage.
Well, if they stole my identity, I hope they have better luck with it than I have. By the way, which ever unfortunate Chinese guy gets my name, you have a couple of court dates that you might want to put on your calender.
The government says that folks affected will be eligible for free credit monitoring for 18 months. I never stopped my credit monitoring from LifeLock since the VA lost my information the first time 10 or 12 years ago, because the government is always slow to alert us about the breach. Be prepared.
The only person LifeLock ever busted for using my identity was my wife. They alerted me to the use of my social security number on her car loan as a co-signer while she was still at the dealer. So I know the thing works.
Cybersecurity Incident
The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed the personal information of current and former Federal employees, including employees of the Department of Homeland Security.
Since the incident was identified, OPM has partnered with the Department’s U.S. Computer Emergency Readiness Team and the Federal Bureau of Investigation to determine the impact to Federal personnel. As a result of this investigation, OPM is notifying approximately 4 million individuals whose Personally Identifiable Information may have been compromised. The notifications will be sent beginning June 8 and continuing through June 19 by email and U.S. mail.
In order to mitigate the risk of fraud and identity theft, OPM will offer affected individuals credit monitoring services and identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance and recovery services and is available immediately at no cost to affected individuals identified by OPM. Employees whose information was affected will receive a notification directly from CSID. If you have any questions about the impact of this incident to your data or if you receive a notice and have questions about the services being offered, contact CSID directly beginning at 8 a.m. CST on June 8, 2015. The company’s website is http://www.csid.com/opm, and its toll free is 844-222-2743 (International callers: Call collect 512-327-0700).
Following this incident, OPM took immediate action to implement additional security measures in order to protect the sensitive personnel data it manages. Please remain vigilant in helping to protect our systems and data.
Below is information about identify fraud which you may find useful.
Steps for Monitoring Your Identity and Financial Information
• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report at http://www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, http://www.ftc.gov.
• Review resources provided on the FTC identity theft website, http://www.Identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.
Precautions to Help You Avoid Becoming a Victim
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy, http://www.us-cert.gov/ncas/tips/ST04-013).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, http://www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, http://www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, http://www.us-cert.gov/ncas/tips/ST04-007).
• Take advantage of any anti-phishing features offered by your email client and web browser.
• Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at http://www.ic3.gov.
• Additional information about preventative steps by consulting the Federal Trade Commission’s website, http://www.consumer.gov/idtheft. The FTC also encourages those who discover that their information has been misused to file a complaint with the commission using the contact information below.
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
http://www.consumer.gov/idtheft
1-877-IDTHEFT (438-4338)
TDD: 1-202-326-2502
I heard earlier today the breech actually occurred in December, and it has taken this long for OPM (and whoever else) to figure the extent of the damage and just made the announcement.
Have you read/heard anything similar?
Thank you Master Chief for this information.
We didn’t know this is what they meant when they said “most transparent administration ever”
Maybe we should start calling the Russians and Chinese to request FOIAs from the Veterans Administration, IRS and and other government entities.
I doubt they would confuse, legally intimidate and misdirect and stall like our GO’s do when you request information.
“Well, if they stole my identity, I hope they have better luck with it than I have.”
Instant classic.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” OPM Director Katherine Archuleta said in a statement.
I can’t stop laughing. First Jonn’s line and now Archbishop Uleta’s or whatever. If that’s OPM’s highest priority, what are they doing with lesser priorities? You couldn’t make this shit up. Well, you could but nobody would believe it.
The patriarchs of my family were men of few words, and sometimes they were profound. My dad listened to a tv show back in the 90’s about computer systems, cybersecurity and its problems, hackers, all that kind of thing. He looked at me for a long moment, and said, “There will come a day when the most secure arrangement you could have will be a locked filing cabinet.”
I didn’t mean to hit ‘report’ on this. I meant to hit ‘reply’.
SORRY!
Remember the good old days before we were so progressive, humane, and civilized, and would retaliate. The Chinese should feel some pain.
I agree. Send them a nice virus that starts with 99 bottles of beer on the wall.
I think we have cyber weapons that can turn their lights off and more.
So this is my proposal:
Turn their lights off.
Leave all traffic lights on green.
Open all dam gates.
Turn off all ATC capabilities.
Launch DOS to every server and computer in country.
24 hous later … Bomb the crap out of them.
PS: No PC’s were actually harmed in the crafting of this comment.
My identity was stolen after a Major left a laptop from Oregon Military Department in his POV at home and it was stolen.
My identity was stolen after a VA idiot left a thumb drive in his glove compartment and it was stolen.
Now, I get an email stating that because I re-upped my TS clearance in 2008, my clearance information may have been compromised…
It’s a good thing that people don’t need good credit in this day and age, right?
Unlike the previous two times, at least the Federal Government is taking steps to protect my already crappy and stolen credit rating.
Flagwaver, they already contacted you about this? I’ve done my sec clearance twice in the last two years (long story) and am slightly worried.
Already fielded 15+ phone calls at work on Friday from people about this.
/wrists…its going to be a long summer…
But “the cloud” is secure! The government says so.
Its strange that they never “hack” welfare information, or the EBT system, or the “Obama Phone” program, etc etc etc.
That’s where all the real money is (liberal social programs), but they seem secure from hacking. Though people are allowed to blatantly abuse and commit fraud with them.
The DoD announced several years ago that “they” were actively engaged in Cyber Warfare.
That was after a wee little incident involving a tour of a bunch of Chineeze in the Pentgoon, were a digit drive was slipped in a computer while SGT Dumbfuctski showed them the sites.
But what do I know.