Critical Read

How OPM breach victims can fight back

What: An Institute for Critical Infrastructure Technology report titled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach.”

Why: In the post-Office of Personnel Management breach world, it pays to be extra careful.

ICIT’s prescriptions include lying to websites, being vigilant about kids’ social media exposure and taking passwords seriously.

The institute’s experts advise that the personal information stolen in the hack could have destructive consequences for both the United States and individual citizens over the long term, but the impact could be limited if the right steps are taken now.

First and foremost, the U.S. government needs to alert affected people (something it has done for the first breach, but not for the second, bigger breach of security clearance information), delete old user accounts and refocus on training feds to avoid phishing campaigns and other attacks, the ICIT report recommends.

Individuals can take many steps as well.

Credit monitoring and credit freezes are two such steps, along with regular checks of financial statements.

Because the stolen security clearance forms contain so much personal information, individuals should stop using accurate information for security questions on social media, banking and other websites, ICIT says. (For instance, if the question is, “What is your mother’s maiden name?,” don’t use her actual maiden name as the answer – because adversaries probably know it. Use her first name, or a different name altogether, instead.)

ICIT also recommends changing all passwords every three months, avoiding password managers and coming up with unique ways that you can remember and organize highly complicated passwords.

Don’t forget about kids. Since their names could have been exposed in the breach, feds’ children could become targets of phishing attempts or social engineering. ICIT recommends talking to kids about online dangers and deploying firewalls at home.

Above all, ICIT’s report says, the OPM breach provides an opportunity for individuals, private-sector companies and the government to radically rethink and strengthen approaches to cybersecurity.

Verbatim: “The White House, Congress, and the media have focused heavily on attributing fault for the breaches. Considerably less effort has been dedicated to mitigating the impact of the breach at the individual level. … Even if a nation state, such as China, admitted to committing the breach, the information would still be lost, the damage would still be done, and the victims would still be in peril. Neither sale nor use of the information from the OPM breaches has been confirmed. Therefore, a great deal of the potential impact can be mitigated if attempts at proactive measures supersede attribution attempts.”

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.

