Email this Article Email   

CHIPS Articles: OPM Data Breach Update

OPM Data Breach Update
By DON Office of Civilian Human Resources - June 22, 2015
Note: As the OPM Data Breach is under federal investigation, the Department of the Navy Office of Human Resources will continue to update FREQUENTLY ASKED QUESTIONS (FAQS) regarding the OPM data breach as more information becomes available. Current questions/answers may be found at www.opm.gov.

Summary – Updated (New)

In April 2015, the Office of Personnel Management (OPM) became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former federal employees. The breach pre-dates OPM’s adoption of tougher security controls.

Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to current and former federal employees. OPM estimates that up to 4 million employees may have been impacted by this breach.

OPM began conducting notifications to affected individuals using email and/or USPS First Class mail on June 8, 2015. Recognizing the inherent security concerns in this methodology, with OPM and CSID support, DoD suspended notifications to employees on June 11, 2015, until an improved, more secure notification and response process is in place. Late June 15, 2015, OPM advised that email notification resumed. Email notifications should be complete by June 22, 2015. U.S. Postal mail notifications will take longer.

OPM will offer impacted individuals 18 months of credit monitoring services and identity theft insurance through CSID® – a company that specializes in identify theft protection and fraud resolution. The 18-month CSID® membership will be offered to those individuals identified by OPM at no cost.

In the course of the ongoing investigation into the cyber intrusion that compromised personnel records of current and former federal employees (announced June 4), it was discovered that additional OPM systems were compromised. These systems contain information related to background investigations. OPM, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are working as part of an ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable.

Since the investigation is on-going, additional exposures may come to light; if this occurs, OPM will conduct additional notifications as necessary.

New — Last this week, some employees began receiving an email with the subject line, “Update #2 for DoD Personnel on OPM Breach Notification Procedures.” This is the first email that was sent to employees; therefore, employees should not “look” for email #1.

OPM began conducting notifications to affected individuals using email and/or USPS First Class mail on June 8, 2015. Recognizing the inherent security concerns in this methodology, DoD, with OPM and CSID support, effective June 11, 2015, suspended notifications to employees until an improved, more secure notification and response process is in place. Late June 15, 2015, OPM advised that email notification resumed.

The email text now advises employees to paste or type a link to an https site. CSID also has changed the form on their initial page and only requires an employee to enter the unique PIN#. Additionally, employees will be asked to solve a CAPTCHA to help CSID block automated cyber attack programs. Once the PIN# and CAPTCHA are accepted, employees can proceed to the credit monitoring signup page – this is where personal information must be entered.

Employees who have received a notification via email from the email account OPMcio@csid.com and entered their assigned PIN, are registered for the credit monitoring services. Employees who disregarded that email, deleted the email or have not yet received the email will automatically be enrolled in the identity theft insurance. These employees will be re-notified by email with a PIN#.

Current federal employees should receive email notification using their work email. Some employees have indicated that the email notification went to their junk mail. It is strongly recommended that employees FIRST check their junk mail for OPM's email notification. The email notification should come from OPMcio@csid.com.

Employees will not receive notification by U. S. Postal mail unless employees do not have a work email address or if the email was rejected. If no notification is received, employees may call the CSID toll free number 1-844-222-2743 to authenticate their status and receive their PIN#. Please expect long wait time.

If you have left the government, OPM will send you a notification via postal mail to the last address the agency has on file. OPM will verify this address with the National Change of Address (NCOA) service before mailing a letter.

If you have moved between agencies, OPM will send an email notification to your government email account for the agency at which you are currently employed. If your email address is unavailable, notification will be sent via postal mail.

I can’t access the CSID website? As this is an evolving situation, there may be intermittent connectivity issues with the website. The DoD CIO has asked components to avoid blocking the CSID.COM/OPM website.

The web address for enrolling is https://www.CSID.com/OPM — this site is for employees to set up accounts. Once you have enrolled, to login at a later time, go to https://opm.csid.com.

The sender "OPM CIO" and email address "opmcio@csid.com" are the sender and email address that OPM is using to notify affected individuals. If you get an email about the breach from a different address, it is spam. Do not click on any links or provide any personal information. Contact privacy or security officers or follow your command or U.S. Marine Corps protocols if receiving a suspected phishing message.

If you inadvertently deleted your email notification, follow these steps to attempt to retrieve the email:

1. Open Outlook

2. Click on "Deleted Items" Folder — on the left menu bar.

3. On the very top of the page click "FOLDER” then --> Click the icon that says "Recover Deleted Items"

5. Go through the list and select (mouse click on them) the ones to recover

6. Navigate to the top of the screen and click the second icon on the top left (says "Recover Selected Items")

7. This will recover the deleted email and return the email to the "Deleted Items" outlook folder

8. Simply move the email to your inbox

Call CSID at 1-844-222-2743 and they will authenticate your status as an impacted government employee and reissue your PIN on the phone. The employee will then use the PIN to register at the CSID website.

Who is affected by the data breach?

OPM maintains personnel records for the federal workforce. The kind of data that may have been compromised in this incident could include name, Social Security Number, date and place of birth, and current and former addresses.

It is the type of information you would typically find in a personnel file, such as job assignments, training records, and benefit selection decisions. OPM has indicated that it does not appear that names of family members, beneficiaries or information contained in actual policies were compromised. Please note, however, that DoD and DON employees and retirees may have had their information included in the human resources information that was compromised. The OPM notification will indicate what information may have been compromised.

New — In the course of the ongoing investigation into the cyber intrusion that compromised personnel records of current and former Federal employees (announced June 4), it was discovered that additional OPM systems were compromised. These systems contain information related to background investigations. OPM, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are working as part of an ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable — notification related to this separate intrusion has not yet begun.

OPM became aware of an intrusion in April 2015. OPM worked with the DHS Computer Emergency Readiness Team (US-CERT) as quickly as possible to assess the extent of the malicious activity and to identify the records of individuals who may have been compromised. During the investigation, OPM became aware of potentially compromised data in May 2015. With any such event, it takes time to conduct a thorough investigation and identify the affected individuals. TSP account numbers are not shared with OPM and, as such, were not impacted.

New — In the course of the ongoing investigation into this cyber intrusion, it was discovered that additional OPM systems were compromised. These systems contain information related to background investigations. OPM, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are working as part of an ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable.

This incident impacts the OPM systems and data. Please note, however, that DoD and DON employees and retirees may have had their information included in the human resources information. For security reasons and due to the ongoing investigation, OPM cannot publicly discuss specifics that might be affected by the compromise of personnel data. OPM has added additional security controls to better protect overall networks and systems and the data they store and process.

Thrift Savings Plan (TSP) account numbers are not shared with OPM and, as such, were not impacted.

New — In the course of the ongoing investigation into this cyber intrusion, it was discovered that additional OPM systems were compromised. These systems contain information related to background investigations. OPM, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are working as part of an ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable.

What should I do now?

If you have received notification that your personal information has been compromised, please refer to the instructions in the letter or email. Many who have been notified have been advised to take advantage of the 18-month credit monitoring services and identity theft insurance through the company CSID. Impacted employees may also call 1-844-222-2743; (international callers can call collect at 512-327-0700) if they have questions. Due to a high volume of calls, employees may experience extended wait times. Typically, employees will not be able to register for the credit services by phone.

Within about 24 hours after registering, employees will receive a subsequent email that advises the employee "Your CSID identity protection report is now available. One or more of your reports have been updated." Typically, the email follows by listing information which will be available to the employee to include:

• PayDay Loan — A PayDay Loan alert/report may include new inquires of new loans requested at a pay-day loan location using your identity;

• CyberAgentSM — A CyberAgentSM alert/report may contain matches for your information related to criminal chat rooms, news groups and other web sites where criminals trade or sell stolen identities;

• Court Records — A Court Records alert/report may contain matches for name and date of birth from county courts, Department of Corrections (DOC), Administration of the Courts (AOC), and other legal agencies. The types of offenses include felonies, misdemeanors, sexual offenses, traffic citations and more;

• Sex Offender — A Sex Offender alert/report may contain matches for your identity with in Sex Offender registry files or may be an update to registered Sex Offenders in your zip code;

• Social Security Trace — A Social Security Trace alert/report may lists addresses associated with your identity found in public records. A Social Security Trace alert/report may contain matches for your identity found in public records. If you have utilized a nick name in the past when applying for credit or you have changed your last name due to marriage, additional names may be reported. The email ends with a reminder to the employee to log in to their account at https://opm.CSID.com to view the details of this alert.

DON Civilian Employee Assistance Program

The DONCEAP provides support for financial issues and identity theft for all DON civilians and their families. The 24/7 number is 1-844-DONCEAP (1-844-366-2327) TTY 1-888-262-7848, International 001-866-829-0270. Information is also available at http://DONCEAP.foh.hhs.gov and see CHIPS article “DONCEAP Provides ID Theft Assistance” at http://www.doncio.navy.mil/chips/ArticleDetails.aspx?ID=6480 for detailed information.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer