The U.S. Office of Personnel Management, OPM, recently revealed a cybersecurity incident affecting its systems and data that may have exposed the Personally Identifiable Information, PII, of some current and former federal employees including more than 8,000 civilian Coast Guard employees.
Beginning June 8, 2015, and continuing through June 19, 2015, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident.
OPM retained a private vendor, CSID, to transmit the notifications. Consequently, the email will come from email@example.com and will not come from a .gov email address. The notification will feature a CSID logo and will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach.
Regardless of whether or not you receive this notification, you should take extra care to ensure that they are following recommended cyber and personal security procedures. If you suspect that you have received a phishing attack, contact your component’s security office.
Steps for Monitoring Your Identity and Financial Information
• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and TransUnion – for a total of three reports every year. You can find contact information for the credit bureaus on the Federal Trade Commission (FTC) website.
• Review resources provided on the FTC identity theft website. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion at 1-800-680-7289 to place this alert. TransUnion will then notify the other two credit bureaus on your behalf.
Precautions to Help You Avoid Becoming a Victim
• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security. For more information, see Protecting Your Privacy.
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
• You should take steps to monitor your personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center.
Additional information is also available on CSID’s website, or you can call them toll-free at 1-844-777-2743.