Critical Read

How OPM breach victims can fight back

Shutterstock image (by alphaspirit): hidden identity of an individual under a mask.

(alphaspirit/ Shutterstock)

What: An Institute for Critical Infrastructure Technology report titled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach.”

Why: In the post-Office of Personnel Management breach world, it pays to be extra careful.

ICIT’s prescriptions include lying to websites, being vigilant about kids’ social media exposure and taking passwords seriously.

The institute’s experts advise that the personal information stolen in the hack could have destructive consequences for both the United States and individual citizens over the long term, but the impact could be limited if the right steps are taken now.

First and foremost, the U.S. government needs to alert affected people (something it has done for the first breach, but not for the second, bigger breach of security clearance information), delete old user accounts and refocus on training feds to avoid phishing campaigns and other attacks, the ICIT report recommends.

Individuals can take many steps as well.

Credit monitoring and credit freezes are two such steps, along with regular checks of financial statements.

Because the stolen security clearance forms contain so much personal information, individuals should stop using accurate information for security questions on social media, banking and other websites, ICIT says. (For instance, if the question is, “What is your mother’s maiden name?,” don’t use her actual maiden name as the answer – because adversaries probably know it. Use her first name, or a different name altogether, instead.)

ICIT also recommends changing all passwords every three months, avoiding password managers and coming up with unique ways that you can remember and organize highly complicated passwords.

Don’t forget about kids. Since their names could have been exposed in the breach, feds’ children could become targets of phishing attempts or social engineering. ICIT recommends talking to kids about online dangers and deploying firewalls at home.

Above all, ICIT’s report says, the OPM breach provides an opportunity for individuals, private-sector companies and the government to radically rethink and strengthen approaches to cybersecurity.

Verbatim: “The White House, Congress, and the media have focused heavily on attributing fault for the breaches. Considerably less effort has been dedicated to mitigating the impact of the breach at the individual level. … Even if a nation state, such as China, admitted to committing the breach, the information would still be lost, the damage would still be done, and the victims would still be in peril. Neither sale nor use of the information from the OPM breaches has been confirmed. Therefore, a great deal of the potential impact can be mitigated if attempts at proactive measures supersede attribution attempts.”

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.