Click here to skip navigation
An official website of the United States Government.

Cybersecurity Resource Center Cybersecurity Incidents

What Happened

OPM recently discovered two separate but related cybersecurity incidents that have impacted the data of Federal government employees, contractors, and others:

  1. In June 2015, OPM discovered that the background investigation records of current, former, and prospective Federal employees and contractors had been stolen. OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants. Some records also include findings from interviews conducted by background investigators and approximately 5.6 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen. Notifications for this incident started on September 30, 2015. We estimate notifications will continue for approximately 12 weeks.

    While background investigation records do contain some information regarding mental health and financial history provided by applicants and people contacted during the background investigation, there is no evidence that health, financial, payroll and retirement records of Federal personnel or those who have applied for a Federal job were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

  2. Earlier in 2015, OPM discovered that the personnel data of 4.2 million current and former Federal government employees had been stolen. This means information such as full name, birth date, home address and Social Security Numbers were affected. You should have already received a notification if you were impacted by this incident.

OPM and an interagency team from the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have been investigating these incidents, and are working to put in place changes that will prevent similar thefts in the future. Based on the analysis and forensics to date, the interagency incident response team assesses that the adversary is no longer active on OPM's network.

Back to Top

How You May Be Affected

If you underwent a Federal background investigation in 2000 or afterwards (which occurs through the submission of forms SF-86, SF-85, or SF-85P for either a new investigation or a reinvestigation), it is highly likely that you are impacted by the incident involving background investigations. If you underwent a background investigation prior to 2000, you still may be impacted, but it is less likely.

Learn more about who was impacted and the protections we are working to put into place.

  • Current and former Federal government employees
    • If you are a current or former Federal government employee, including members of the U.S. military, you may have been impacted by the incident affecting background investigation records. Current or former Federal government employees may also have been impacted by the separate incident involving personnel data.

      • Types of information involved in the background investigation records incident that may have been impacted:
        • Social Security Numbers
        • Residency and educational history
        • Employment history
        • Information about immediate family and personal and business acquaintances
        • Health, criminal and financial history that would have been provided as part of your background investigation

        Some records could also include:

        • Findings from interviews conducted by background investigators
        • Fingerprints
        • Usernames and passwords used to fill out your forms

        If you may have used your e-QIP (the online system used to process forms) password for other accounts or services, you should change your passwords for those accounts immediately and not reuse any passwords that you used in the e-QIP system.

      • Types of information involved in personnel data incident include:
        • Name
        • Social Security number
        • Date and place of birth
        • Current and former addresses
        • Common personnel file information such as job assignments, training records, and benefit selection decisions

      Protections available to you:

      1. For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:
        • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
        • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
        • Continuous identity and credit monitoring.
      2. We have sent notifications to those affected by the incident involving personnel data. We are offering free identity theft monitoring and restoration services. If you were affected by this incident, you have been sent a notice that includes information about the free services available to you for 18 months. As part of this service, you are automaticallyenrolled in:
        • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the personnel data incident can review the identity theft monitoring and restoration services information.
        • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.

        Instructions on how to enroll in other services were included in your notification. If you have not yet received a notification but believe you were impacted by the incident involving personnel data, here's more information on the services available.

  • Active duty servicemembers and veterans
    • If you are an active duty servicemember or veteran, you may have been impacted by the incident affecting background investigation records. We have no evidence to suggest that active duty servicemembers or veterans were affected by the separate incident involving personnel data.

      Types of information involved in the background investigation records incident that may have been impacted:

      • Social Security Numbers
      • Residency and educational history
      • Employment history
      • Information about immediate family and personal and business acquaintances
      • Health, criminal and financial history that would have been provided as part of your background investigation

      Some records could also include:

      • Findings from interviews conducted by background investigators.
      • Fingerprints
      • Usernames and passwords used to fill out your forms

      If you may have used your e-QIP (the online system used to process forms) password for other accounts or services, you should change your passwords for those accounts immediately and not reuse any passwords that you used in the e-QIP system.

      Protections available to you:

      For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:

      • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
      • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
      • Continuous identity and credit monitoring
  • Current and former Federal contractors
    • Current or former Federal contractors may have been impacted by the incident affecting background investigation records. We have no evidence to suggest that current or former Federal contractors were affected by the separate incident involving personnel data.

      Types of information in the incident involving background investigation records

      • Social Security Numbers
      • Residency and educational history
      • Employment history
      • Information about immediate family and personal and business acquaintances
      • Health, criminal and financial history

      Some records could also include:

      • Findings from interviews conducted by background investigators
      • Fingerprints 
      • Usernames and passwords used to fill out your forms

      If you may have used your e-QIP (the online system used to process forms) password for other accounts or services, you should change your passwords for those accounts immediately and not reuse any passwords that you used in the e-QIP system.

      Protections available to you:

      For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:

      • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
      • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
      • Continuous identity and credit monitoring
  • Job candidates for federal employment who were required to complete a background investigation
    • Candidates who were required to complete a background investigation form prior to employment may have been impacted by the incident affecting background investigation records. We have no evidence to suggest that job candidates were affected by the separate incident involving personnel data.

      Types of information in background investigation incident that may have been impacted:

      • Social Security Numbers
      • Residency and educational history
      • Employment history
      • Information about immediate family and personal and business acquaintances
      • Health, criminal and financial history

      Some records could also include:

      • Findings from interviews conducted by background investigators
      • Fingerprints 
      • Usernames and passwords used to fill out your forms

      If you may have used your e-QIP (the online system used to process forms) password for other accounts or services, you should change your passwords for those accounts immediately and not reuse any passwords that you used in the e-QIP system.

      Protections available to you:

      For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:

      • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
      • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
      • Continuous identity and credit monitoring
  • Spouses and co-habitants of current and former Federal employees, contractors, and job candidates whose information was stolen
    • If your information was listed on a background investigation form by a spouse or co-habitant, the stolen information may include your name, Social Security number, address, date and place of birth, and in some cases, your citizenship information.

      Protections available to you:

      For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:

      • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
      • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
      • Continuous identity and credit monitoring
  • Immediate family, close contacts, and references of current and former Federal employees, contractors, and job candidates whose information was stolen
    • Beyond applicants and their spouses or co-habitants described above, you may be someone whose name, address, date of birth, or other similar information may have been listed on a background investigation form. In many cases, the information about these people is the same as what is generally available in public forums such as online directories or social media, and generally does not present the same level of risk of identity theft or other issues. While services will not be provided to you at no cost, there are a number of steps you can take to protect your identity (see below).

Back to Top

What You Can Do

At this time, there is no information to suggest misuse of the information that was stolen from OPM's systems. We are continuing to investigate and monitor the situation. We have started notifying individuals impacted by the background investigation incident. Those impacted will automatically be eligible for some services and will need to take action to enroll in others.

In the meantime, here are steps you can take to protect your identity:

  • Spot the warning signs of identity theft
    • Visit IdentityTheft.gov to learn how to set up protections:

      • Get a free credit report
      • Set up fraud alerts on your accounts
      • Protect your children/minors from identity theft
  • Be aware of phishing scams
    • Phishing is when a fraudster impersonates a business or someone you trust in order to get your private information. Never click on links you don't trust and don't give out your personal information. Legitimate organizations never ask for your information through texts, pop-up messages, or email. Scammers may call and pretend to be from the government or a business to try to get you to give them sensitive information. If a caller asks for your information, call back using a number you know to be legitimate.

  • Update your passwords
    • If the information in your background investigation forms could be used to guess your passwords or if you are using the same password that you did when you filled out your background investigation form, change them. Use complex passwords of 10-12 characters, combining letters, numbers, and special characters. Don't use something that is easily guessable for someone who knows you or has information about you. Don't repeat passwords for several accounts. For more information on how to choose a strong password, review the United States Computer Emergency Response Team’s (US-CERT) tips for Choosing and Protecting Passwords.

  • Get up to speed on computer security
    • Review and check up on your practices for safe, secure and responsible online activity. Onguardonline.gov lists helpful steps you can take to make sure your computer is as safe as possible. For additional information on computer security, including information about firewalls, anti-virus software, and identifying security threats, review tips and the latest cybersecurity alerts and bulletins from the US-CERT’s National Cyber Awareness System.

  • If you think your identity has been stolen
    • If you believe your information has been misused, there are several steps you should take.

      • If you are concerned that you are experiencing identity theft, visit identitytheft.gov. This site explains steps you can take to recover your identity.
      • If you are concerned about your child's identity being stolen, the Federal Trade Commission has information and resources to know what to look for and how to get help.
      • You can also file a claim with the FBI.
  • Learn how to keep your information safe from exploitation
    • You can find information about the measures you can take to ensure the safety of your personal information at the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov.

  • Tips for practicing safe online behavior every day
    • Practicing safer online behavior helps you protect yourself from identity theft, fraud, and other online crimes and malicious activity. Learn what you can do to protect yourself, your family, and your workplace through tips and free resources from Stop.Think.Connect™, a national cybersecurity awareness campaign led by the Department of Homeland Security and the National Cyber Security Alliance.

Back to Top

What We're Doing to Help

  • Supporting people who have been affected
      • For those affected by the background investigation incident, you will receive a notification letter and PIN code in the mail providing details on the incident and the services available to you and your minor dependent children at no cost for three years (until December 31, 2018) such as:

        • Full service identity restoration, which helps to repair your identity following fraudulent activity. Those affected by the background investigation incident can review the identity theft monitoring and restoration services information.
        • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.
        • Continuous identity and credit monitoring

        If you’ve received a notification letter and PIN code from OPM, please sign up for MyIDCare.

        Notifications started on September 30, 2015. We estimate notifications will continue for approximately 12 weeks. To stay up-to-date on the latest news and information, including updates on the notification process, sign up for OPM’s cybersecurity email update list.

      • We have sent notifications to those affected by the incident involving personnel data. We are offering free identity theft monitoring and restoration services. If you were affected by this incident, you have been sent a notice that includes information about the free services available to you for 18 months. As part of this service, you are automatically enrolled in:

        • Full service identity restoration, which helps to repair your identity following fraudulent activity;
        • Identity theft insurance, which can help to reimburse you for certain expenses incurred if your identity is stolen.

        Instructions on how to enroll in other services were included in your notification. If you have not yet received a notification but believe you were impacted by the incident involving personnel data, here's more information on the services available.

        Protecting all Federal employees. In the coming months, the Administration will work with Federal employee representatives and other stakeholders to develop a proposal for the types of credit and identity theft monitoring services that should be provided to all Federal employees in the future – regardless of whether they have been affected by this incident – to ensure their personal information is always protected.

  • Continuing to strengthen cyber defenses at OPM and across the Federal Government
    • OPM continues to take aggressive action to strengthen its broader cyber defenses and information technology (IT) systems, in partnership with experts from DoD, DHS, FBI and other interagency partners.

      Outlined in the Cybersecurity Action Report, OPM has identified 15 new steps to improve security and modernize its systems, including:

      • Completing deployment of two-factor Strong Authentication for all users;
      • Expanding continuous monitoring of its systems;
      • Hiring a new cybersecurity advisor

      OPM has also directed a comprehensive review of OPM's IT system security to identify and immediately address any other vulnerabilities that may exist, and assess OPM's data sharing and use policies.

      The Federal government, led by the Office of Management and Budget, is taking aggressive actions to continually strengthen its cyber defenses, and all agencies recently completed a 30-day cybersecurity sprint, whereby immediate steps are being taken to further protect information and assets and improve the resilience of Federal networks. OPM is fully engaged in this effort.

      Finally and importantly, OPM will participate, along with our interagency Suitability and Security Performance Accountability Council partners, in a 90 day review of key questions related to information security, governance, policy, and other aspects of this the security and suitability determination process, to ensure that it is conducted in the most efficient, effective and secure manner possible.

      View more information about what the U.S. Government is doing to improve our cyber defenses, enhance our response capabilities, and upgrade our incident management tools.

For an automated message on the incidents, please call 866-740-7153.

Back to Top

Control Panel