Everyone has heard about the massive breach of 21.5 million identities stolen from the Office of Personnel Management in an attack that was revealed in June 2015. Any person who underwent a security clearance would be in the OPM database. The sensitivity of the information is immense as it contains personal information commonly used to identify you: your mother’s maiden name, birthdate, place of birth, educational and work history, information about your family, and your SSN.
Many financial and health websites use challenge questions and answers to identify yourself when resetting a password, updating account credentials, or simply logging in from another computer. It’s feared that hackers in possession of the OPM data could use that information to hijack sensitive accounts and gain access to financial information.
Change your challenge and identification questions
and answers on your financial accounts immediately
Take the time to identify your banking, financial services, and bill payment websites, changing the following:
- Change questions asked to those that would not be known during a clearance investigation: your favorite color or make of your first car, for example. Avoid any questions such as spouse’s name, birthplace, where you went to school, etc.
- If you can’t change the questions asked, change the ANSWERS to the questions. You just have to remember what they are. These do not have to be truthful. If you were born in Bethesda you could change the answer to Silver Spring. The point is to block online account access.
- The next thing to do is to change account alert notifications from email to text messages or a real phone call. Remove email notifications as your email account could be hijacked. It’s a bit more challenging and noticeable to steal one’s cell phone.
OPM is offering free credit monitoring services
Everyone affected will receive a physical letter with a PIN to activate free credit monitoring from a company called ID Experts. The company will provide the hack victims and their dependent minor children with free credit monitoring, identity monitoring, identity theft insurance and identity restoration services for three years. You can also take the steps, if you haven’t already, to examine your credit reports yourself by using annualcreditreport.com
OPM Breach Facts
- 21.5 million individuals affected
- 133 million dollars spent on credit monitoring
- The attack initially began in March 2014 and was noticed in April 2015
- OPM had been warned multiple times of security vulnerabilities and failings. A March 2015 OPM Office of the Inspector General semi-annual report to Congress warned of “persistent deficiencies in OPM’s information system security program,” including “incomplete security authorization packages, weaknesses in the testing of information security controls, and inaccurate Plans of Action and Milestones” Encrypting this data at rest would have prevented this exposure