Click here to skip navigation
An official website of the United States Government.

Cybersecurity Resource Center Information About Personnel Data Incident

About Winvale/CSID Services

OPM is providing free identity theft monitoring and restoration services to individuals whose data were impacted by the personnel records incident through Winvale, which has partnered with CSID. CSID is a private-sector identity protection company.

Those impacted by the personnel records incident have received their notifications along with information about identify theft monitoring and restoration services. To enroll, to verify whether you were impacted by this incident, or for general questions about the personnel records data incident, please call CSID’s call center at 844-777-2743 (International callers: call collect at 512-327-0705) between 9:00 a.m. and 9:00 p.m. Eastern Time. You can also enroll through CSID’s website, www.csid.com/OPM.

Even if impacted individuals do not take steps to enroll in credit monitoring services, they still have to verify that they are eligible to access to identity theft insurance and full-service identity restoration provided by CSID prior to taking advantage of these services.

Additional Services Available Through Winvale/CSID

  • Credit Monitoring
    • This service will monitor any changes reported to all three national credit bureaus (Experian, Equifax and TransUnion), including changes to personal information, public records, inquiries, loans, new account openings, bankruptcies, and existing accounts reported past due.

  • Internet Surveillance
    • This surveillance monitors millions of public and criminal Internet properties and alerts you if it finds your personal information being illegally traded or sold online.

  • Court and Public Records Monitoring
    • This monitoring service tracks municipal court systems and public records for criminal activity and arrest records and alerts you if there is a match to your name and date of birth.

  • Non-Credit Loan Monitoring
    • Non-credit loan monitoring will let you know if your personal information becomes linked to short-term, high-interest payday loans that do not require credit inquiries.

  • Change of Address
    • This service monitors address change requests submitted through a national change of address database and alerts you if your mail has been redirected to a new address. Change of address monitoring reports only the changes in address that have been processed through the national database from the US Postal Service. Change of address monitoring does not track UPS or FedEx-only addresses or private mailboxes.

  • Sex Offender Report
    • This will provide a report of all registered sex offenders living within your immediate area, and alerts you when a new sex offender is added. It also notifies you if a sex offender fraudulently registers using any part of your identity. Sex offender records are generated from state-level sex offender registries. Sex offender monitoring searches a database of more than 1.8 million records from 49 state registries as well as Washington, DC, Native American reservations, Guam, Puerto Rico, and the U.S. Virgin Islands. Mississippi does not allow access to its records, but information about sex offenders in Mississippi is still included in CSID’s database when offenders have moved there from other states.

  • Social Security Number Trace
    • This service provides you with a report of all names and aliases associated with your Social Security number, and notifies you if a new one is added. If your report contains names and/or addresses that are not familiar to you, there is probably an error in public records information. However, this could be an indication of identity theft. If you see unfamiliar information in your trace report, please call CSID’s customer support.

      If you believe you are a victim of identity theft, please call CSID’s call center at 844-777-2743 (International callers: call collect at 512-327-0705) between 9:00 a.m. and 9:00 p.m. Eastern Time.

FAQs About the Personnel Records Incident

  • Am I impacted by the incident involving personnel records?
    • Current or former Federal employees may have been impacted by the incident involving personnel records (approximately 4.2 million current and former Federal employees have been impacted). Contractor employees were not impacted, unless they were also current or former Federal employees. Notifications have been sent to those impacted.

      Individuals impacted by the personnel records incident should have received their notification along with information about identify theft monitoring and restoration services. You may enroll through CSID’s website, www.csid.com/OPM, or call CSID’s call center at 844-777-2743 (International callers: call collect at 512-327-0705) between 9:00 a.m. and 9:00 p.m. Eastern Time. To verify whether you were impacted by this incident or get additional assistance, please call CSID’s call center and an agent will be able to help you.

  • I am deaf or hard of hearing. What system is available for me to contact CSID?
    • If you are deaf or hard of hearing, you can use the CSID call center TTY line at 844-777-2743. If you do not have a text input device, dial 711 from your phone and ask to be connected with 844-777-2743. Call center agents are available between 9:00 a.m. to 9:00 p.m. Eastern Time.

  • What is the difference between CSID and MyIDCare?
    • In 2015, OPM discovered two separate but related cybersecurity incidents that have impacted the data of Federal government employees, contractors, and others. First, OPM discovered malicious cyber activity on its network resulting in the exposure of the personnel data of approximately 4.2 million current and former Federal government employees. Individuals impacted by this incident are being provided services through Winvale, which has partnered with CSID. Second, OPM discovered malicious cyber activity on its network resulting in the exposure of the background investigation records of approximately 21.5 million individuals, primarily current, former, and prospective Federal employees and contractors. Individuals impacted by this incident are being provided services through ID Experts’ service, called MyIDCare.

      After registering with CSID, will fraud alerts automatically be in place for me with all three national credit bureaus, or will I also need to call the bureaus individually? Credit monitoring differs from fraud alerts in that credit monitoring allows an individual to use their credit accounts without restriction and does not have to be renewed during the 18 months of service. Credit monitoring also notifies an individual of any changes to his or her credit file, including new credit inquiries, new account creation, new names associated with a Social Security number, employment history, and many other activities.

      A fraud alert makes it more difficult for an identity thief to misuse your credit by requesting that a credit issuer contact you to verify your identity before it issues any new credit. A fraud alert lasts for 90 days, after which it must be renewed.

      CSID provides credit monitoring, but it cannot set up fraud alerts with the three national credit bureaus because each credit bureau requires individuals to sign up for fraud alerts. CSID can provide the contact information for Transunion, one of the three credit bureaus, to place a fraud alert on your credit accounts. Transunion will automatically work with the other two bureaus, Equifax and Experian, to set up a 90-day fraud alert.

  • What if I was impacted by both incidents? Am I eligible for services offered in response to both incidents?
    • Yes. If you were impacted by both incidents, you should have received separate notifications for each incident and you are eligible to sign up for services from both incidents.

      If you incurred expenses in connection with restoring your identity, rather than take advantage of the identity restoration services that are being provided to you, you may only make an identity theft insurance claim with one service provider. If you were impacted by the cyber incident involving background investigation records, you should make your claim(s) with ID Experts. If you were ONLY impacted by the cyber incident involving personnel data, you should make your claim with CSID.

  • I forgot my Username / Password for CSID. What can I do?
    • Effective mid-June 2016, members were prompted to change their User ID to their email address. The system requires each user to have a unique email address.

      For username / email address or password assistance, please call CSID at 844-777-2743 (International callers: call collect at 512-327-0705) between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How much identity theft insurance coverage is being provided?
    • If you incurred expenses in connection with restoring your identity, rather than take advantage of the identity restoration services that are being provided to you, identity theft insurance can help to reimburse you for certain expenses incurred if your identity is stolen.

      Insurance for the personnel records incident became effective on June 2, 2015 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. This insurance originally covered up to $1 million in expenses incurred in restoring identity with no deductible. Effective June 1, 2016, you are eligible to receive up to $5 million in identity theft insurance with no deductible.

      If you were impacted by the cyber incident involving background investigation records, you should make your claim(s) with ID Experts. If you were ONLY impacted by the cyber incident involving personnel data, you should make your claim with Winvale, which has partnered with CSID.

  • When my free services expire, will I be automatically re-enrolled or forced to pay for anything?
    • At the end of your membership, it will expire and your membership will end. You will not be charged after your free membership expires, unless you choose to re-enroll on your own.

      In late 2015, the President signed into a law a provision which will extend identity protection coverage to a period of not less than 10 years for those who were impacted by the background investigation and personnel records incidents. OPM is working to implement the extended 10-year period.

Control Panel