Critical Read

How OPM breach victims can fight back


What: An Institute for Critical Infrastructure Technology report titled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach.”

Why: In the post-Office of Personnel Management breach world, it pays to be extra careful.

ICIT’s prescriptions include lying to websites, being vigilant about kids’ social media exposure and taking passwords seriously.

The institute’s experts advise that the personal information stolen in the hack could have destructive consequences for both the United States and individual citizens over the long term, but the impact could be limited if the right steps are taken now.

First and foremost, the U.S. government needs to alert affected people (something it has done for the first breach, but not for the second, bigger breach of security clearance information), delete old user accounts and refocus on training feds to avoid phishing campaigns and other attacks, the ICIT report recommends.

Individuals can take many steps as well.

Credit monitoring and credit freezes are two such steps, along with regular checks of financial statements.

Because the stolen security clearance forms contain so much personal information, individuals should stop using accurate information for security questions on social media, banking and other websites, ICIT says. (For instance, if the question is “What is your mother’s maiden name?” don’t use her actual maiden name as the answer – because adversaries probably know it. Use her first name, or a different name altogether, instead.)

ICIT also recommends changing all passwords every three months, avoiding password managers and coming up with unique ways that you can remember and organize highly complicated passwords.

Don’t forget about kids. Since their names could have been exposed in the breach, feds’ children could become targets of phishing attempts or social engineering. ICIT recommends talking to kids about online dangers and deploying firewalls at home.

Above all, ICIT’s report says, the OPM breach provides an opportunity for individuals, private-sector companies and the government to radically rethink and strengthen approaches to cybersecurity.

Verbatim: “The White House, Congress, and the media have focused heavily on attributing fault for the breaches. Considerably less effort has been dedicated to mitigating the impact of the breach at the individual level. … Even if a nation state, such as China, admitted to committing the breach, the information would still be lost, the damage would still be done, and the victims would still be in peril. Neither sale nor use of the information from the OPM breaches has been confirmed. Therefore, a great deal of the potential impact can be mitigated if attempts at proactive measures supersede attribution attempts.”

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Connect with Noble on Twitter: @thezachnoble.
