Posted on Jun 15, 2015
CAPT Kevin B.
7.13K
3
7
1
1
0
Just came in. OPM's initial (hopefully) response with disclaimers. What do you think?

I am writing to inform you that the U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed your personal information.

Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) to determine the impact to Federal personnel. OPM immediately implemented additional security measures and will continue to improve the security of the sensitive information we manage.

You are receiving this notification because we have determined that the data compromised in this incident may have included your personal information, such as your name, Social Security number, date and place of birth, and current or former address. To help ensure your privacy, upon your next login to OPM systems, you may be required to change your password.

OPM takes very seriously its responsibility to protect your information. While we are not aware of any misuse of your information, in order to mitigate the risk of potential fraud and identity theft, we are offering you credit monitoring service and identity theft insurance through CSID, a company that specializes in identity theft protection and fraud resolution. All potentially affected individuals will receive a complimentary subscription to CSID Protector Plus for 18 months. Every affected individual, regardless of whether or not they explicitly take action to enroll, will have $1 million of identity theft insurance and access to full-service identity restoration provided by CSID until 12/7/16.

To access the trusted pages that will facilitate enrollment into this identity protection service, type or paste the following website into your browser: https://www.csid.com/opm.

You will need to use the PIN code provided to enroll in these services. Individuals can also contact CSID with any questions about these free services by calling this toll free number, [login to see] (International callers: call collect at [login to see] ).
Protector Plus coverage includes:
• Credit Report and Monitoring: Includes a TransUnion® credit report and tri-bureau monitoring for credit inquiries, delinquencies, judgments and liens, bankruptcies, new loans and more
• CyberAgent® Internet Surveillance: Monitors websites, chat rooms and bulletin boards 24/7 to identify trading or selling of your personal information
• Identity Theft Insurance: Reimburses you for certain expenses in the event that your identity is compromised with a $1,000,000 insurance policy
• Court and Public Records Monitoring: Know if your name, date of birth and Social Security number appear in court records for an offense that you did not commit
• Non-Credit Loan Monitoring: Know if your personal information becomes linked to short-term, high-interest payday loans that do not require credit inquiries
• Change of Address Monitoring: Monitor to see if someone has redirected your mail
• Social Security Number Trace: Know if your Social Security number becomes associated with another individual’s name or address
• Sex Offender Monitoring: Know if sex offenders reside in your zip code, and ensure that your identity isn’t being used fraudulently in the sex offender registry
• Full-Service Identity Restoration: Work with a certified identity theft restoration specialist to restore your ID if you experience any fraud associated with your personal information
These services are offered as a convenience to you. However, nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose. Any alleged issues of liability concerning OPM or the United States for the matters covered by this letter or for any other purpose are determined solely in conformance with appropriate Federal law. Please note that these services are offered to the specific addressee of this letter and are not available to anyone other than the individual who received this notification.

We regret this incident. Please be assured that OPM remains deeply committed to protecting the privacy and security of information and has taken appropriate steps to respond to this intrusion. The incident was uncovered as a result of OPM’s aggressive effort to update its cybersecurity posture over the past year, including the addition of numerous tools and capabilities to its networks that both help detect and deter a cyber-attack.

Please note that neither OPM nor any company acting on OPM’s behalf will contact you to confirm any personal information. If you are contacted by anyone purporting to represent OPM and asking for your personal information, do not provide it.

To learn more and enroll, visit CSID’s website at https://www.csid.com/opm.
Avatar feed
Responses: 6
Col Joseph Lenertz
2
2
0
Not close to enough. They violated the law. There is a legal requirement to encrypt data at rest. They did not do it. I predict a class action law suit.
(2)
Comment
(0)
CAPT Kevin B.
CAPT Kevin B.
>1 y
A suit would have to prove actual damages which OPM seems to be buying 18 months of insurance for. I'd expect all a suit could do would get the 18 months pushed out.
(0)
Reply
(0)
Avatar small
Maj Kevin "Mac" McLaughlin
0
0
0
Did they do enough? Obviously not. Could they? Absolutely. Are they doing enough now? I doubt it but I have no insight into what they've been instructed to do and how they're doing it. I know what could be done and they need advisors who understand the aspects of maintaining confidentiality, integrity, and availability of this data.
(0)
Comment
(0)
Avatar small
GySgt Wayne A. Ekblad
0
0
0
(0)
Comment
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close