Critical Read

How OPM breach victims can fight back

Shutterstock image (by alphaspirit): hidden identity of an individual under a mask.

(alphaspirit/ Shutterstock)

What: An Institute for Critical Infrastructure Technology report titled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach.”

Why: In the post-Office of Personnel Management breach world, it pays to be extra careful.

ICIT’s prescriptions include lying to websites, being vigilant about kids’ social media exposure and taking passwords seriously.

The institute’s experts advise that the personal information stolen in the hack could have destructive consequences for both the United States and individual citizens over the long term, but the impact could be limited if the right steps are taken now.

First and foremost, the U.S. government needs to alert affected people (something it has done for the first breach, but not for the second, bigger breach of security clearance information), delete old user accounts and refocus on training feds to avoid phishing campaigns and other attacks, the ICIT report recommends.

Individuals can take many steps as well.

Credit monitoring and credit freezes are two such steps, along with regular checks of financial statements.

Because the stolen security clearance forms contain so much personal information, individuals should stop using accurate information for security questions on social media, banking and other websites, ICIT says. (For instance, if the question is, “What is your mother’s maiden name?,” don’t use her actual maiden name as the answer – because adversaries probably know it. Use her first name, or a different name altogether, instead.)

ICIT also recommends changing all passwords every three months, avoiding password managers and coming up with unique ways that you can remember and organize highly complicated passwords.

Don’t forget about kids. Since their names could have been exposed in the breach, feds’ children could become targets of phishing attempts or social engineering. ICIT recommends talking to kids about online dangers and deploying firewalls at home.

Above all, ICIT’s report says, the OPM breach provides an opportunity for individuals, private-sector companies and the government to radically rethink and strengthen approaches to cybersecurity.

Verbatim: “The White House, Congress, and the media have focused heavily on attributing fault for the breaches. Considerably less effort has been dedicated to mitigating the impact of the breach at the individual level. … Even if a nation state, such as China, admitted to committing the breach, the information would still be lost, the damage would still be done, and the victims would still be in peril. Neither sale nor use of the information from the OPM breaches has been confirmed. Therefore, a great deal of the potential impact can be mitigated if attempts at proactive measures supersede attribution attempts.”

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.