Workforce

Are you one of the 4 million? Here's what to watch for

Shutterstock image (by dencg): digital warning sign.

Feds, watch your inboxes.

Starting June 8, the Office of Personnel Management will be sending emails to the roughly 4 million current and former federal workers whose personally identifiable information (PII) was potentially exposed in the massive data breach made public late on June 4.

The email address from which notifications will come: opmcio@csid.com.

CSID is a Texas-based security, identify protection and fraud detection firm. Emails, containing information about the credit monitoring and identity theft protection services Uncle Sam will be providing affected feds, will be sent between June 8 and June 19, and letters will be mailed to affected personnel for which OPM does not have an email address. OPM said in a statement that the credit monitoring services also will be provided by CSID, and more information will be available on CSID's website starting June 8 at 9 a.m. EDT.

In its June 4 statements on the breach, OPM stressed that federal personnel should be wary of unsolicited phone calls, emails and other contact, and urged government employees to start monitoring their credit reports.

And then what?

If a notification arrives, the next steps depend on what information was compromised. The Federal Trade Commission's IdentityTheft.gov was designed to help citizens protect themselves, and offers a detailed checklist of mitigation tactics.

Sen. Susan Collins (R- Maine), told the Associated Press that the hackers responsible for the breach are believed to be based in China, and that it appears they may have been targeting individuals who hold security clearances. The breach took place in December, but was not discovered until April after OPM initiated new cybersecurity measures. The Department of Homeland Security said its Einstein intrusion-detection-and-prevention system discovered the hack of OPM's systems and the Interior Department's data center, though it's unclear why the detection occurred only after a tremendous number of records had been copied by hackers.

"OPM seems a tad blasé about this breach stating that 'OPM, using new tools, discovered the breach in April,'" said Richard Blech, CEO of security and ID-management firm Secure Channels. "The new tools cannot be very good if it takes four months to find out you have been breached."

Blech noted that the data likely made its way through the black market very quickly, and he said the personnel files should have been "deeply encrypted" to keep them safe in the event of a breach.

Mark Bower, global director of product management at HP Security Voltage, said the PII will facilitate "one of the most effective secondary attacks" – spear-phishing – on government systems.

"Beyond spear-phishing, knowing detailed personal information past and present creates possible cross-agency attacks given job history data which appears to be in the mix," Bower noted. "Thus, it's likely this attack is less about money, but more about gaining deeper access to other systems and agencies."

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.