The Federal Government will Become America's Model Employer for the 21st Century.
Recruit, Retain and Honor a World-Class Workforce to Serve the American People.
Review the new 2014 Federal Employees' Group Life Insurance (FEGLI) Handbook
Answering your questions about Healthcare and Insurance
Manage your retirement online.
Human Resources and Security Specialists should use this tool to determine the correct investigation level for any covered position within the U.S. Federal Government.
OPM’s Human Resources Solutions organization can help your agency answer this critically important question.
Developing senior leaders in the U.S. Government through Leadership for a Democratic Society, Custom Programs and Interagency Courses.
Visit this federal site to search for our regulatory notices, proposed and final rules.
See the latest tweets on our Twitter feed, like our Facebook pages, watch our YouTube videos, and page through our Flickr photos.
Welcome! We are committed to recruiting and retaining a world-class workforce for the American people.
Take a look at our blogs and share with others. Once you are on a particular blog page, you can give us the thumbs up. Connect with Acting Director Cobert on Twitter: @OPMDirector and Facebook.com/OPMDirector. Also, find us on other social media channels.
Today, we at the U.S. Office of Personnel Management (OPM) released additional information about a recent cyber incident that affected the background investigation records of current, former, and prospective Federal employees and contractors. It is critical that all of OPM’s constituents, – most importantly – those who are directly impacted by these breaches receive information in a timely, transparent, and accurate manner. As I have said before, we take these incidents extremely seriously and, accordingly, are taking a number of steps to address both our cybersecurity and our process going forward.
First, to help ensure the security and integrity of our systems and to assist with the response to recent incidents, I have brought to OPM experts in cyber security and management from both inside and outside of government. In particular, I have created a new cybersecurity advisor position and will have more information on this in the coming days. In addition, in recent weeks, we brought to OPM a team of technical experts who have spent countless hours conducting a diligent investigation and a comprehensive review of systems. Finally, because I believe it is important to hear from a variety of perspectives when addressing dynamic cybersecurity threats, I am consulting with Chief Information Officers and other leading experts from technology firms and other private companies that have experienced their own cyber incidents, to discuss the collective challenges we face and hear their advice.
Second, and as described more fully in today’s press release OPM will be providing a comprehensive suite of credit and identity theft monitoring and protection services for background investigation applicants and non-applicants whose Social Security Numbers and other sensitive information were stolen. Individualized notification packages offering these services, with further details on the incident, will be sent in the coming weeks. We will be incorporating lessons learned and feedback from stakeholders about the notification process just completed for a related cybersecurity incident.
Third, OPM believes it is important to focus on the service we provide our customers. To that end, OPM is launching new resource efforts to maintain continued contact with our constituents. OPM has established an online cybersecurity incident resource center at https://www.opm.gov/cybersecurity to offer information regarding materials, training, and useful information on best cyber practices. In the coming weeks, OPM will also open a call center to respond to inquiries and give more assistance. In the interim, individuals are encouraged to visit https://www.opm.gov/cybersecurity.
Fourth, from the beginning of my time as the Director of OPM, I have made cybersecurity a top priority and will continue to do so. OPM continues to take aggressive action to strengthen its broader cyber defenses and IT systems. To this end, in June, OPM identified 15 new steps to improve security, leverage outside expertise, modernize its systems, and ensure internal accountability in its cyber practices. These 15 steps are in addition to 23 actions already taken to strengthen cybersecurity since the beginning of my tenure at OPM. I have also initiated a comprehensive review of the security of OPM’s IT systems to identify and immediately mitigate any other vulnerabilities that may exist. That review is ongoing.
Fifth, I realize that OPM’s cyber security efforts must also come in the broader context of the government’s IT systems. The Federal government, led by the Office of Management and Budget, is taking aggressive actions to continually strengthen its cyber defenses, and all agencies are currently engaged in a 30-day cybersecurity sprint, whereby immediate steps are being taken to further protect information and assets and improve the resilience of Federal networks. OPM is fully engaged in this effort.
Finally and importantly, OPM will participate, along with our interagency Suitability and Security Performance Accountability Council partners, in a 90 day review of key questions related to information security, governance, policy, and other aspects of the security and suitability determination process, to ensure that it is conducted in the most efficient, effective and secure manner possible.
Cybersecurity incidents are unfortunately not without precedent. As the President has made clear, cybersecurity is one of the most important challenges we face as a Nation. In working together across OPM and across the Federal government, I will continue to take aggressive steps to support efforts to improve Federal cybersecurity and to develop new policies and capabilities to identify, defend against, and counter malicious cyber actors.
As our hardworking Federal workforce enjoys a much-deserved holiday weekend, I want to share a quick update on the ongoing investigation into the recent theft of information from OPM’s networks.
For those individuals whose data may have been compromised in the intrusion affecting personnel records, we are providing credit monitoring and identity protection services. My team has worked with our identity protection contractor to increase staff to handle the large volume of calls, and to dramatically reduce wait times for people seeking services. As of Friday, our average wait time was about 2 minutes with the longest wait time being about 15 minutes.
Thanks to the tireless efforts of my team at OPM and our inter-agency partners, we also have made progress in the investigation into the attacks on OPM’s background information systems. We hope to be able to share more on the scope of that intrusion next week, and in the coming weeks, we will be working hard to issue notifications to those affected.
I want you to know that I am as concerned about these incidents as you are. I share your anger that adversaries targeted OPM data. And I remain committed to improving the IT issues that have plagued OPM for decades.
One of my first priorities upon being honored with the responsibility of leading OPM was the development of a comprehensive IT strategic plan, which identified security vulnerabilities in OPM’s aging legacy systems, and, beginning in February 2014, embarked our agency on an aggressive modernization and security overhaul of our network and its systems. It was only because of OPM’s aggressive efforts to update our cybersecurity posture, adding numerous tools and capabilities to our networks, that the recent cybersecurity incidents were discovered.
I am committed to finishing the important work outlined in my Strategic IT Plan and together with our inter-agency partners, OPM will continue to evaluate and improve our security systems to make sure our sensitive data is protected to the greatest extent possible, across all of our networks.
We are living in an era where cybersecurity must be a priority in our lives at work and at home. I encourage you to take some time to learn about the ways you can help protect your own personal information. There are many helpful resources available on our website.
I’m wishing you a safe and relaxing 4th of July weekend.
As our team at OPM continues to work tirelessly to fortify our data systems with stronger security upgrades, I wanted to notify our Federal family that we have taken the e-QIP system offline temporarily. E-QIP is a web-based platform used to complete and submit background investigation forms.
I recently ordered a comprehensive review of the security of OPM IT systems. During this ongoing review, my team and our interagency partners identified a vulnerability in the e-QIP system. Out of an abundance of caution, I have asked that the system be taken offline until stronger security enhancements are implemented.
I want to be clear that we are proactively taking this action to ensure the ongoing security of our network. This decision was not in response to direct malicious activity on this network, and there was no evidence that the vulnerability was exploited by an adversary.
While we add these security enhancements to the network, we expect the e-QIP system could be offline from four to six weeks. All of us at OPM recognize and regret the impact this action will have on both users and agencies, but please know that the team is working hard to quickly implement these security upgrades so that we can resume this service as soon as it’s safe to do so. In the meantime, we will be working with our partner agencies on alternative approaches to meet the needs of our customers.
I want to personally apologize for the inconvenience, but know that we take very seriously the responsibility OPM holds in securing Federal employee data. Improving OPM’s IT security posture is the utmost priority as we work to recruit, engage, and honor America’s talented and hardworking Federal workforce.
As our investigation into the cyberintrusions and theft of information at OPM continues, I want to reassure our Federal family how seriously I take our responsibility to provide you with timely and accurate information, as well as the resources to protect you from any malicious activity that may come from these events.
For individuals who were impacted by the incident involving personnel data that we announced on June 4, OPM is offering credit monitoring services and identity theft insurance through CSID, a subcontractor to Winvale. This includes credit monitoring, as well as access to credit reports, identity theft insurance, and recovery services and the services are available immediately at no cost.
I am deeply troubled by the challenges some employees and retirees have been having while trying to take advantage of these services. I want you to know that we are working to quickly improve your experience. And we’ve made progress.
Over the past week, CSID has been increasing the number of call center employees available to answer your questions. Additionally, they are equipped with the latest list of Frequently Asked Questions to make sure everyone is getting updated and consistent information.
Wait times are also a concern. The good news is that, because CSID has been adding additional call center employees, the wait times are down significantly. A new feature has also been added giving you the option to have the center call you back when it’s your turn. This keeps you from having to wait on hold.
We know that many of the calls coming in are from people who would like to know whether they were affected. To help keep those calls from slowing down people calling with enrollment issues, a new feature was added this week. It allows individuals to self-select if they are calling to find out if they qualify for coverage or for any reason other than to enroll. Those calls are now answered by a separate team, helping to speed up your access to the call center.
I encourage you to read through our Frequently Asked Questions before calling CSID. We’re updating this page as new information becomes available, and we hope to get as many answers to your questions as we can, as quickly as possible.
Each and every day, as we investigate these attacks and aggressively work on the redesign of our computer network, we are keeping in mind the millions of men and women who have and continue to serve the American people. We honor your contributions and the trust you put in us to keep your information safe. I pledge that we will do everything we can to give you the support you need.
As we at OPM and our partners across government work quickly to investigate the nature and scope of the cyberattacks that invaded our network and systems, I want to make sure that our Federal employee family knows that I continue to work each and every day to make sure that the data OPM is entrusted with protecting is secure now and for the future.
I am as concerned as our Federal workforce by these cyberintrusions, and I want employees to know we are redoubling our efforts to make sure our systems are as secure as possible. We know that our adversaries are sophisticated, well-funded, and focused. We know this because in an average month, OPM thwarts millions of attempts to break into our network.
Before I detail the work my OPM team is doing to upgrade our aging systems, to investigate the cyberintrusions, and to plan for the future, I want to make sure all Federal employees know that OPM has continued to operate with strong confidence in the security of the data it handles.
So how did we get here? In November of 2013, when the President honored me with the assignment to lead the men and women of OPM, I quickly realized that the agency’s outdated, legacy system needed to be modernized. My team got to work on the comprehensive IT Strategic Plan during my first 100 days as OPM Director. That plan clearly identified security vulnerabilities in our aging systems. We immediately began an aggressive modernization and security overhaul.
It was because of that overhaul and the tools we put in place to strengthen our cybersecurity that OPM -- working with our partners at the Department of Homeland Security and the Federal Bureau of Investigation -- was able to detect the cyberbreaches of personnel and background investigations data. That work continues, and continues aggressively. We have upgraded our network monitoring and logging capability and added firewalls that allow OPM to better filter network traffic. The remote access for our network administrators has been restricted.
On June 4, we publicly announced that we believed that the personally identifiable information (PII) of about 4 million current and former Federal employees had been compromised. Almost immediately, we began notifying those affected and they are getting access to credit monitoring and other services they may need. As the investigation has proceeded, we recently confirmed that OPM systems containing information related to the background investigations of current, former, and prospective Federal employees may have been compromised. We are working intensively to assess the scope of that attack and we will notify affected individuals as soon as possible.
Each and every day, as we work through the challenges of investigating these attacks and aggressively work on the redesign of our computer network, I am thinking about the millions of men and women who work – and who have worked – to serve the American people.
Our OPM team knows that you have entrusted your sensitive personal information to us. It is a trust we will continue to honor and one that is foremost in our minds as we do the critical work necessary to prevent, detect, and thwart future cyberattacks.
There was an unexpected error when performing your action.
Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.