Friend gets letter from U.S. OPM indicating personal info compromised in the database hack

Oh wow. The extent of this hack has to be tremendous. Anyone else know anyone getting letters?

ping

Correction...has not worked for Federal Government since 1994 or 1995.

I received a letter from the Office of Personnel Management. I worked for the then United States Post Office in 1969 when I was attending college. I had almost forgotten I had worked for the post office.

Yep...I received one yesterday. I haven’t determined yet if it is a ruse attempting to get me to sign up for some id software.

He is wondering about that too.

That's what was on the news, goes back to former federal employees through the 80's.

I haven't worked for the Fed Gov since 1987 and haven't received anything yet but am mindful that I could. I didn't retire. I quit.

The entire US Government seems to be one Black Swan event waiting to happen.

Post/thread BUMP!

In the meantime, the bozo in chief is more worried about some wacko in South Carolina and campaigning in California.

My letter was redirected to China. Never got it.

ROFL!!!

Damn that Edward Snowden for outsourcing the OPM data management to China!

The fed agency that was hacked by China apparently outsourced some data management to … China
http://freerepublic.com/focus/f-news/3301719/posts

Officials: Chinese had access to U.S. security clearance data for one year
http://freerepublic.com/focus/f-news/3301834/posts

Gov’t OUTSOURCED management to IT workers with TOTAL ACCESS to database… in CHINA
http://freerepublic.com/focus/f-news/3301763/posts

Office of Personnel Management IT Was Running Out of… China
http://freerepublic.com/focus/f-news/3301801/posts

These guys give mouth-breathing idiots a bad name...

I was curious about your name, so I looked it up. I love it:

In the Book of Daniel Chapter 5, a disembodied hand was witnessed at Belshazzar's feast writing on the palace wall of Babylon. The event occurred while those at the feast profaned the sacred vessels that were pillaged from the Jerusalem Temple. The words that appeared on the palace wall were: "Mene, Mene, Tekel, Upharsin." The visionary Daniel was summoned to interpret the message, which as he explains, was the imminent end for the Babylonian kingdom. That night, Belshazzar was killed and the Medo-Persians sacked the capital city.

I received mine by email.

And golf, don't forget golfing in Southern California.

(someone told me she'd seen MC1 earlier this week - now I believe her)

am writing to inform you that the U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed your personal information.
Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) to determine the impact to Federal personnel. OPM immediately implemented additional security measures and will continue to improve the security of the sensitive information we manage.
You are receiving this notification because we have determined that the data compromised in this incident may have included your personal information, such as your name, Social Security number, date and place of birth, and current or former address. To help ensure your privacy, upon your next login to OPM systems, you may be required to change your password.
OPM takes very seriously its responsibility to protect your information. While we are not aware of any misuse of your information, in order to mitigate the risk of potential fraud and identity theft, we are offering you credit monitoring service and identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution. All potentially affected individuals will receive a complimentary subscription to CSID Protector Plus for 18 months. Every affected individual, regardless of whether or not they explicitly take action to enroll, will have $1 million of identity theft insurance and access to full-service identity restoration provided by CSID until 12/7/16.
To access the trusted pages that will facilitate enrollment into this identity protection service, type or paste the following website into your browser: https://www.csid.com/opm

You will need to use the PIN code at the top of this correspondence to enroll in these services. Individuals can also contact CSID with any questions about these free services by calling this toll free number, 844-777-2743 (International callers: call collect at 512-327-0705 512-327-0705).
Protector Plus coverage includes:
• Credit Report and Monitoring: Includes a TransUnion® credit report and tri-bureau monitoring for credit inquiries, delinquencies, judgments and liens, bankruptcies, new loans and more
• CyberAgent® Internet Surveillance: Monitors websites, chat rooms and bulletin boards 24/7 to identify trading or selling of your personal information
• Identity Theft Insurance: Reimburses you for certain expenses in the event that your identity is compromised with a $1,000,000 insurance policy
• Court and Public Records Monitoring: Know if your name, date of birth and Social Security number appear in court records for an offense that you did not commit
• Non-Credit Loan Monitoring: Know if your personal information becomes linked to short-term, high-interest payday loans that do not require credit inquiries
• Change of Address Monitoring: Monitor to see if someone has redirected your mail
• Social Security Number Trace: Know if your Social Security number becomes associated with another individual’s name or address
• Sex Offender Monitoring: Know if sex offenders reside in your zip code, and ensure that your identity isn’t being used fraudulently in the sex offender registry
• Full-Service Identity Restoration: Work with a certified identity theft restoration specialist to restore your ID if you experience any fraud associated with your personal information
These services are offered as a convenience to you. However, nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose. Any alleged issues of liability concerning OPM or the United States for the matters covered by this letter or for any other purpose are determined solely in conformance with appropriate Federal law. Please note that these services are offered to the specific addressee of this letter and are not available to anyone other than the individual who received this notification.

We regret this incident. Please be assured that OPM remains deeply committed to protecting the privacy and security of information and has taken appropriate steps to respond to this intrusion. The incident was uncovered as a result of OPM’s aggressive effort to update its cybersecurity posture over the past year, including the addition of numerous tools and capabilities to its networks that both help detect and deter a cyber-attack.

Please note that neither OPM nor any company acting on OPM’s behalf will contact you to confirm any personal information. If you are contacted by anyone purporting to represent OPM and asking for your personal information, do not provide it.

To learn more and enroll, visit CSID’s website at https://www.csid.com/opm

Sincerely,

Donna K. Seymour
Chief Information Officer
U.S. Office of Personnel Management

Additional Information

As a reminder, you should follow the below routine precautionary measures to help protect your identity and personal affairs:
• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228 1-877-322-8228 FREE. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and TransUnion – for a total of three reports per year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
• Review resources provided on the FTC identity theft website, www.identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call Trans Union at 1-800-680-7289 1-800-680-7289 FREE to place this alert. TransUnion will then notify the other two credit bureaus on your behalf.
How to avoid becoming a victim:
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy, www.us-cert.gov/ncas/tips/ST04-013).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (www.antiphishing.org).
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (for more information, see Understanding Firewalls, www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, www.us-cert.gov/ncas/tips/ST04-005; and Reducing Spam, www.us-cert.gov/ncas/tips/ST04-007).
• Take advantage of any anti-phishing features offered by your email client and web browser.
Additionally, if you are or have been a Federal employee or contractor and become aware of any contacts or other activity that could raise security concerns, you should immediately contact your security officer or former security officer for further guidance.

You can obtain additional information about steps to avoid identity theft from the following agencies. The FTC also encourages those who discover that their information has been misused to file a complaint with the FTC.

For California Residents:
Visit the California Office of Privacy
Protection (www.privacy.ca.gov) for
additional information on protection
against identity theft.

For Kentucky Residents:
Office of the Attorney General of Kentucky
700 Capitol Avenue, Suite 118
Frankfort, Kentucky 40601
www.ag.ky.gov
Telephone: 1-502-696-5300 1-502-696-5300

For Maryland Residents:
Office of the Attorney General of Maryland
Consumer Protection Division
200 St. Paul Place
Baltimore, MD 21202
www.oag.state.md.us/Consumer
Telephone: 1-888-743-0023 1-888-743-0023 FREE
For North Carolina Residents:
Office of the Attorney General of North Carolina
9001 Mail Service Center
Raleigh, NC 27699-9001
www.ncdoj.com
Telephone: 1-919-716-6400 1-919-716-6400

For all other US Residents:
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.identitytheft.gov
1-877-IDTHEFT 1-877-IDTHEFT FREE (438-4338)
TDD: 1-202-326-2502 1-202-326-2502

CSID | 1501 S. MoPac Expressway | Austin, TX 78746

Article, then check out more info in comments, esp # 13 .

Thanks, Whenifhow.

I’ve been wondering if I’m involved- not as a federal employee, but a civilian employee working as an employee of a contractor to the government with a clearance through about 1987.

This was not a hack.