Click here to skip navigation
An official website of the United States Government.

Cybersecurity Resource Center Frequently Asked Questions

This section of the website will be updated with answers to questions that you have about these incidents and the notification process.

  • What happened
  • About the impacted information
  • Who has been impacted
  • Getting notified if your data was compromised
  • Protecting your identity
  • What's being done to strengthen cybersecurity
  • What happened in the background investigation records incident?
    • In 2015, OPM discovered malicious cyber activity on its network and identified two separate but related cybersecurity incidents that have impacted the data of Federal government employees, contractors, and others. First, OPM discovered malicious cyber activity on its network resulting in the exposure of the personnel data of approximately 4.2 million current and former Federal government employees. Second, OPM discovered malicious cyber activity on its network resulting in the exposure of the background investigation records of approximately 21.5 million individuals, primarily current, former, and prospective Federal employees and contractors.

  • Who responded to these incidents?
    • OPM partnered with the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation (FBI) to investigate and determine the potential impact of this incident.

  • Is the threat now resolved?
    • Based upon analysis and forensics to date, the interagency incident response team has assessed that adversary activity on OPM’s network was terminated.

  • What was included in a background investigation file?
    • In general, background investigation forms collect personal information, including Social Security numbers (SSN), for people occupying, or seeking to occupy, positions with the Federal government, in order to:

      • Check criminal histories;
      • Validate background investigation applicants' education histories;
      • Validate employment histories;
      • Validate background investigation applicants' living addresses; and
      • Gain insight into the character and conduct of background investigation applicants, through reference checks.

      In addition, some people occupying public trust or national security positions provide additional types of information that may include:

      • Personal information of a spouse or a cohabitant (including SSNs);
      • Personal information of parents, siblings, other relatives, and close friends (but does not include SSNs);
      • Foreign countries visited and individuals the applicant may know in those countries;
      • Current or previous treatment for mental health issues; and/or
      • Use of illegal drugs;
      • Previous places a background investigation applicant may have lived, worked, or attended school.

      Some records also include findings from interviews conducted by background investigators. If your fingerprint data were compromised, your notification letter will contain this information. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also compromised.

      Note: While background investigation records may contain some information regarding mental health and financial history provided by applicants and sources contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

  • What is a background investigation?
    • OPM conducts background investigations to assist agencies in determining whether an individual is trustworthy, reliable, and of good conduct and character for a position with the Federal Government.

      OPM conducts investigations of certain individuals who will occupy positions that could impact national security, including positions requiring access to classified national security information. The amount of information requested depends on the risk to the public trust, the impact on the national security, and whether an individual has a job that requires access to classified national security information. To see the different forms, select the corresponding forms: SF-86 (PDF file), SF-85 (PDF file), or SF-85P (PDF file).

      In general, background investigation forms collect personal information, including Social Security numbers (SSN), for people occupying, or seeking to occupy, positions with the Federal government, in order to:

      • Check criminal histories;
      • Validate background investigation applicants' education histories;
      • Validate employment histories;
      • Validate background investigation applicants' living addresses; and
      • Gain insight into the character and conduct of background investigation applicants, through reference checks.

      In addition, some people occupying public trust or national security positions provide additional types of information that may include:

      • Personal information of a spouse or a cohabitant (including SSNs);
      • Personal information of parents, siblings, other relatives, and close friends (but does not include SSNs);
      • Foreign countries visited and individuals the applicant may know in those countries;
      • Current or previous treatment for mental health issues; and/or
      • Use of illegal drugs.

      For public trust and national security investigations, other information may be collected related to parents, siblings, other relatives, close friends, and previous places a background investigation applicant may have lived, worked, or attended school. This information is used to interview employers, friends, and neighbors about the applicant, his or her conduct, and personal history, and to conduct local law enforcement checks at previous locations lived.

  • Was I impacted by the background investigation records incident?
    • The Social Security numbers of approximately 21.5 million individuals were impacted by the background investigation records incident. This includes approximately 19.7 million individuals who applied for background investigations, and 1.8 million non-applicants (predominantly spouses or co-habitants of applicants).

      Most of those who were impacted have received a letter informing them that their data were impacted and providing a 25-digit PIN code that enables individuals to sign up for free identity theft monitoring services. If you did not receive a letter but believe your data may have been impacted, OPM has partnered with the Department of Defense to establish a Verification Center. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the background investigation records incident, you will receive a notification letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. This letter usually takes about two to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving your letter.

      If you underwent a background investigation through OPM in the year 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that you were impacted by this cyber incident. If you underwent a background investigation prior to the year 2000, you may be impacted, but it is less likely. If you are one of the following, you may have been impacted:

      • Current or former Federal government employee.
      • Member of the Military, or Veteran.
      • Current or former Federal contractor.
      • Job candidate required to complete a background investigation before your start date.
      • Spouse or co-habitant of any of the above groups.

  • Who else in my family or other networks is affected by the background investigation records incident? How can I determine who these people are?
    • When you submitted your background investigation form, you likely provided the name, address, date of birth, or other similar information of close contacts. These individuals could include immediate family members, co-habitants, or other close contacts.

      In many cases, the information about these individuals is the same as information generally available in public forums, such as online directories or social media, and therefore the compromise of this information generally does not present the same level of risk of identity theft or other issues. However, if the Social Security number of any of these individuals was included in the cyber incident, the individual should have received a separate notification letter from OPM.

  • Am I impacted by the incident involving personnel records?
    • Contractor employees were not impacted, unless they were also current or former Federal employees. Notifications have been sent to those impacted. If you have not received a notification and think you may be impacted, please call CSID at 844-777-2743, or visit www.csid.com/opm to verify if you were impacted, and sign up for services.

  • How are Federal retirees impacted?
    • If you underwent a background investigation in the year 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P), it is highly likely that you were impacted by this cyber incident. This could include Federal retirees. Individuals who submitted this information prior to the year 2000 may be impacted, but it is less likely. Most of those who were impacted have received a notification letter. If you did not receive a notification letter but believe your data may have been impacted, you may contact the Verification Center.

      OPM has sent separate notifications to retirees who may have been impacted by the personnel records incident. If you think you may have been one of the individuals who were solely impacted by the personnel records incident, please access our Information About Personnel Records Incident section for more information.

  • How many people were impacted in the background investigation records incident?
    • The impacted population is approximately 21.5 million individuals. OPM and the interagency incident response team concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was compromised in the background investigation incident. Approximately 5.6 million individuals’ impacted records included fingerprint data.

  • What if I believe that I was impacted, but I haven’t received a notification letter or PIN?
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber intrusion involving background investigation records, you will receive a notification letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. This letter usually takes about two to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://www.opm.gov/cybersecurity For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • Was my spouse/partner/family member’s personal information impacted?
    • Some background investigation forms ask for the Social Security number (SSN) of your spouse or co-habitant. If that is the case, your spouse or co-habitant also received a notification and will be able to sign up for services. SSNs were not required for all spouses or cohabitants on other forms. In all other cases, SSNs were not required for other family members. Information you may have provided about other family members includes name, address, date of birth, or other similar information that may have been listed on a background form. In many cases, this information is the same as what is generally available in public forums such as online directories or social media, and therefore generally does not present the same level of risk of identity theft or other issues as with a Social Security number.

      OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber intrusion involving background investigation records, you will receive a notification letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. This letter usually takes about two to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • What is the Verification Center?
    • The Federal Government set up a Verification Center to assist individuals who believe their data may have been impacted by the cyber intrusion involving background investigation records, but who have not received a letter. The Verification Center will also assist individuals who received a letter notifying them that their data had been impacted by the cyber intrusion, but who have lost the PIN code included in that letter, and would like to have a copy of their letter resent. The PIN code is needed to register for services.

  • How can I access the Verification Center?
    • You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • What kind of information will I need to provide the Verification Center?
    • You will be asked for your information such as your name, address, Social Security number, and date of birth. You will also be asked for an email address in case the Verification Center needs to contact you. This information will be used to determine whether your data were impacted by the cyber incident involving background investigation records.

  • How will I receive an answer to my question once I have submitted my information to the Verification Center?
    • If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber intrusion involving background investigation records, you will receive a notification letter that will list your 25-digit PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. You should receive your response letter in approximately two to four weeks through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • Why does it take two to four weeks to receive my notice from the Government?
    • The Government estimates that each individual submitting a verification request to determine if his/her data were impacted by the background investigation records incident will receive a reply within approximately two to four weeks of submitting his/her request. The two to four week period is an estimate, which may vary based on the quantity of requests received. The identity confirmation process used by the Verification Center has been developed to protect an individual’s personal information. In order to protect personal information, after an individual submits his/her information, it will be matched against the information within a separate government database. The Government will print and mail notification letters via the U.S. Postal Service. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • Why do I need a PIN?
    • The government has not provided any personally identifiable information to the service provider that is providing identity theft protection and credit monitoring services for the cyber incident involving background investigation records. Each notification letter for impacted individuals contains a 25-digit PIN code. This PIN code is used in conjunction with the last four digits of your Social Security number to validate an impacted individual’s eligibility to receive government-provided identity protection services.

  • What if I believe that I was impacted, but I haven’t received a notification letter or PIN?
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber intrusion involving background investigation records, you will receive a notification letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. This letter usually takes about two to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • I need my notification letter with PIN code sent to a different address. What can I do?
    • If you believe that your data were impacted by the cyber intrusion involving background investigation records, but have not received a notification letter, you can contact the Verification Center to provide your current address where your letter will be mailed. Please note that your address will not be updated in any other government database.

  • The Verification Center website is telling me "There are errors on the form." What should I do?
    • The Federal Government has set up a Verification Center to assist individuals who believe their data were impacted by the cyber incident involving background investigation records. If there are asterisks next to the line in which you are entering your information, then there is an error with the information that you are entering. Errors typically occur because of incorrect formatting or characters that are not allowed in that field as specified on the form. As you type your information, a message will appear if you make a formatting error. This message will provide you with guidance on the proper format for that line. You will not be able to submit your information until that line is fixed. If you are still having difficulty submitting your information online, you can contact the call center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How do I know the Verification Center website is secure?
    • The Verification Center website was developed with our partners at the Department of Defense to securely protect your personal information. It has gone through a rigorous review and certification process to provide appropriate security protections. Continuous monitoring of the safety and security of the website has also been implemented.

  • Why can’t I find out my PIN code when I enter my information on the Verification Center website?
    • Once you provide your name, address, Social Security number, and date of birth, your information must be checked against the government’s database to determine whether your Social Security number was included in the cyber intrusion involving background investigation records. To provide additional security, the data used to determine whether your data were impacted is stored in another system that is not accessible from the Internet. This offline database check process was designed to protect your personal information.

  • Why can’t the agent on the phone tell me if I am impacted, or the address you have for me?
    • Once you provide your name, address, Social Security number, and date of birth, your information must be checked against the government’s database to determine whether your Social Security number was included in the cyber intrusion involving background investigation records. For security and privacy purposes, the call center agents do not have access to the database. Call center agents assist individuals who need help entering their personal information into the system. After submitting your information, you should receive a response letter in approximately two to four weeks through the mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • How do I enroll in credit monitoring and identity monitoring services?
    • If you have already received your letter and 25-digit PIN code, you can go to the Cybersecurity Resource Center and select the “Enroll with the Service Provider” button. If you would prefer to enroll in services with a call center agent, please call 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • I have a post-enrollment question.
    • If you have already enrolled and have questions or concerns about your post-enrollment services, you may call 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • What are my options if my information was not compromised? I don’t feel safe.
    • The Federal Government still recommends that you remain vigilant about protecting your identity and monitoring your credit even if we have concluded that your Social Security number was not included in the cyber intrusion. There are several on-line resources available to assist you in protecting yourself:

      • For information about ways to protect yourself from identity theft, visit the Federal Trade Commission’s Identity Theft website.
      • For information about how to recover from identity theft, visit the Federal Government’s one-stop resource for identity theft victims.
      • For information about what the Department of Justice is doing to stop identity theft fraud, visit the Department’s website.

  • I received a letter notifying me that I was impacted by the background investigation records incident, but my PIN code doesn’t work. What should I do?
    • You should be able to sign up for services by selecting the link on the OPM Cybersecurity Resource Center website. To enroll in services, you will need to enter your 25-digit PIN code when prompted. Please note that the 25-digit PIN code is broken up into five boxes within the notification letter in order to make it easier to read. The PIN code only includes numbers and does not include any letters or special characters.

      If your PIN code does not work at first, please attempt to carefully re-enter it to ensure that it is not being mistyped. If your PIN code still does not work, please contact the Verification Center.

  • My letter was addressed using my initials, a nickname, a previous address, etc. Why?
    • The Government has attempted to locate the best address for individuals impacted by the incident involving background investigation records. Due to the nature of this data in our systems, unfortunately some letters have been mailed with old addresses or names.

      If you believe you are the intended recipient of the letter, you may enroll using the provided 25-digit PIN code in conjunction with the last four digits of your Social Security number. To access the webpage to enroll in services, please visit the OPM Cyber Security Resource Center at https://www.opm.gov/cybersecurity. If you believe your data may have been impacted by the cyber incident but do not believe the letter you received was intended for you, please visit the Verification Center. Through the Verification Center, you may verify if you were impacted. You should receive your response letter in approximately two to four weeks through the mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • Who is the service provider for the background investigation records incident?
    • The service provider is Identity Theft Guard Solutions, LLC, doing business as ID Experts, a data breach response and identity protection company. ID Experts will provide impacted individuals with a comprehensive suite of identity theft protection and monitoring services.

      Before awarding the contract to ID Experts, an inter-gency, inter-disciplinary group of subject matter experts, including security and privacy representatives from the Department of Homeland Security, DoD, Federal Trade Commission, and other agencies, carefully drafted requirements that the selected vendor would address. OPM and DoD also took additional steps to enhance the security of information needed to enroll in services. The selected vendor demonstrated compliance with National Institute for Standards and Technology privacy and other security requirements as outlined in the performance work statement. The selected vendor also provided system security plans and will support onsite security inspections by the Government at any location where protected information is collected, stored, or used.

  • What is MyIDCare?
    • MyIDCare is the brand name of ID Experts’ identity-monitoring product being offered to you if you were impacted by the background investigation records incident.

  • Do individuals impacted by the background investigation records incident need to register for identity protection services?
    • Identity theft insurance and identity restoration coverage began on September 1, 2015. However, to take advantage of these services, impacted individuals first need to verify with the service provider that they are eligible to access services.

      Identity and credit monitoring begins immediately upon enrollment. Impacted individuals will be able to enroll themselves and their dependent minor children in credit monitoring and identity monitoring services once they receive their notification and 25-digit PIN code.

  • When will identity protection services begin and end for individuals impacted by the background investigation records incident?
    • Identity theft insurance and identity restoration coverage began on September 1, 2015. However, to take advantage of these services, impacted individuals first need to verify that they are eligible for services. Identity and credit monitoring begins immediately upon enrollment. Impacted individuals will be able to enroll themselves and their dependent minor children in credit monitoring and identity monitoring services once they receive their notification and 25-digit PIN code.

      In late 2015, the President signed into a law a provision which will extend identity protection coverage to a period of 10 years for those who were impacted by the background investigation and personnel records incidents. OPM is working to implement the extended 10-year period.

  • Are “dependent minor children” of individuals impacted in the background investigation records incident being covered and how are you defining “dependent minor children?”
    • Although the Social Security numbers of children were not requested on background investigation forms, dependent minor children of impacted individuals are also eligible to receive the suite of services. For purposes of coverage, dependent minor children are defined as children of impacted individuals who were under the age of 18 as of July 1, 2015.

  • For individuals impacted by the background investigation records incident, how are you going to work with the service provider to protect our personally identifiable information (PII) data?
    • The contract requirements for the contract with ID Experts - including security requirements - were carefully drafted by an inter-disciplinary group of subject matter experts, including security and privacy representatives from the Department of Homeland Security, DoD, Federal Trade Commission, and other agencies. The service provider selected to provide identity theft protection and credit monitoring services, demonstrated compliance with National Institute for Standards and Technology privacy and other advanced security requirements, and provided system security plans. The Government has conducted onsite security inspections at any location where protected information is collected, stored, or used and will continue to do so.

  • How will I receive my notification for the background investigation incident if my address has changed?
    • OPM attempted to obtain the best available address for individuals using government and commercial sources. If you believe you may have been impacted but did not receive a letter, we have partnered with the Department of Defense to establish a Verification Center. You can contact the Verification Center to provide your current address where your letter will be mailed. Please note that your address will not be updated in any other government database.

      The Verification Center may be accessed through a link at www.opm.gov/cybersecurity. Or, you may call 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m., Eastern Time, and ask to speak to an agent. You should receive your response letter in approximately two to four weeks through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      Please note that the service provider can enroll individuals with a PIN code, but for security and privacy purposes, the service provider cannot verify whether or not an individual’s data may have been impacted or enroll individuals without a PIN.

  • Why are you not providing services to family members who are on the form?
    • In many cases, the information about these individuals is the same as what is generally available in public forums such as online directories or social media, and therefore generally does not present the same level of risk of identity theft or other issues. However, if your family member’s Social Security number was included in the compromised data, that individual should have received a separate notification letter and PIN code.

  • If I receive a communication from someone representing themselves as a government agent of some kind, how should I react?
    • You will not receive an unsolicited phone call from OPM or the identity protection and credit monitoring service providers. If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it. However, we may reach out to a specific individual in response to a specific inquiry received from the individual or someone acting on his/her behalf.

  • I lost my notification about the background investigation records incident.
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may be impacted but have not received a notification letter.

      If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber intrusion involving background investigation records, you will receive a notification letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the intrusion, you will receive a letter with that information. You should receive your response letter in approximately two to four weeks through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance in entering your information, you may call the Verification Center call center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00p.m. Eastern Time.

  • How will I know if my fingerprint information was impacted?
    • Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the background investigation records incident, the subset of individuals whose fingerprints were included is approximately 5.6 million. If OPM determined that your fingerprint data were likely included in the cyber intrusion, your notification letter will include this information.

  • I’ve never worked for the Government. Why did I receive a letter?
    • Some individuals who never worked for the Government were impacted by the cyber incidents, including spouses or co-habitants of applicants, contractors, and certain other individuals who submitted information to the Government in connection with a background check.

      The Federal Government has set up a Verification Center to assist individuals who believe their data were impacted by the cyber intrusion involving background investigation records. You may access the Verification Center at https://www.opm.gov/cybersecurity. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How long does the coverage last?
    • In late 2015, the President signed into a law a provision which will extend identity protection coverage to a period of not less than 10 years for those who were impacted by the background investigation and personnel records incidents.

      The identity protection coverage for individuals impacted by the personnel records incident was previously set to expire in December 2016, and coverage for individuals impacted by the background investigation records incident was previously set to expire in December 2018. OPM is working to implement the extended 10-year period.

  • Why do I have to give personal information upon enrollment? Don’t you already have my personal information?
    • The government has not provided any personally identifiable information to the service provider that is providing identity theft protection and credit monitoring services for the background investigations incident. Each notification letter for impacted individuals contains a 25-digit PIN code. This PIN code is used in conjunction with the last four digits of your Social Security number and is needed to validate an impacted individual’s eligibility to receive government-provided identity protection services.

  • Why did My Dependent Minor Child Receive a Letter?
    • If your dependent minor child’s Social Security number was listed on your background investigation form or your dependent minor child filled out a background investigation form for an internship or job, he/she may have been impacted by the cyber incident involving background investigation records. As a result, he/she would have received a mailed notification letter and 25-digit PIN code. He/she may register for services by selecting the link from the OPM Cyber Security Resource Center at https://www.opm.gov/cybersecurity or by calling the service provider at 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • My dependent child is now an adult and over 18. How does he/she enroll for services?
    • Your dependent child will need to sign up for his/her own coverage on or following his/her 18th birthday and can do so by calling the service provider at 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

      Because most minors may not have sufficient credit history to secure their own credit, they may not have credit authorization questions that they can answer to further verify their identity and access the credit monitoring portion of the product. If this is the case, please call the service provider and an agent can enroll him/her in the non-credit monitoring product. The service provider will provide identity restoration services regardless of whether the individual enrolls in the credit or non-credit monitoring services.

  • What should I do if I cannot answer the enrollment questions?
    • Credit monitoring and identity protection services verify your identity by asking a series of questions generated by a credit reporting bureau that only you should be able to answer. The service provider uses the answers you provide and matches it against answers provided by the credit reporting bureau.

      These questions are generated by the credit reporting bureau and cannot be customized by the website or call center agent, nor does the call center agent have any information pertaining to these questions. If you are unable to successfully answer the enrollment questions, you may need to wait for a period of time and then try the process again. If you encounter ongoing issues, you may call the identity protection and credit monitoring service provider for assistance.

  • Can I enroll if I have a credit freeze with the credit bureaus?
    • Most credit monitoring services verify your identity at enrollment by matching information provided to them by you with information provided by credit bureaus. If you currently have a freeze on your credit report, it is possible that you may not be able to complete the account creation process until the freeze is lifted.

      ID Experts uses Experian as the credit bureau which it uses to verify your identity. Therefore, if you have placed freezes on your credit report with the credit bureaus, you only need to remove the credit freeze with Experian in order to be able to enroll with services with ID Experts. Once successfully enrolled, you may choose to refreeze your credit with Experian.

      You may unfreeze, and refreeze, your credit directly with Experian at:

      For more information on credit freeze please visit the Federal Trade Commission Website.

  • I live overseas. Why do I need a valid U.S. Address to enroll in services?
    • You will need a valid U.S. address because some of the specific services require this information for activation, such as Sex Offender and Change of Address monitoring. If you do not have a current U.S. address, we recommend you use your most recent U.S. address or a relative’s address. Please know that our system allows for APO, DPO, or FPO addresses to be entered.

  • I have an APO, DPO, or FPO address, can I enroll?
    • Yes, the system allows for an APO, FPO, or DPO address.

  • Is there a cost to enroll?
    • Services are being provided at no cost to the individual.

  • Can sex offender alerts be ceased?
    • Yes, the sex offender alerts can be ceased. Please call the service provider at 800-750-3004 and a representative will be able to assist you. Please note that the removal of these alerts will take 24 to 48 hours and the removal will not impact the credit monitoring features of your membership. Once you cease the sex offender alerts, it cannot be undone.

  • What if I was impacted by both incidents? Am I eligible for services offered in response to both incidents?
    • Yes. If you were impacted by both incidents, you should have received separate notifications for each incident and you are eligible to sign up for services from both incidents. If you incurred expenses in connection with restoring your identity, rather than take advantage of the identity restoration services that are being provided to you, you may only make an identity theft insurance claim with one service provider. If you were impacted by the cyber incident involving background investigation records, you should make your claim(s) with ID Experts. If you were ONLY impacted by the cyber incident involving personnel data, you should make your claim with CSID.

      In late 2015, the President signed into a law a provision which will extend identity protection coverage to a period of 10 years for those who were impacted by the background investigation and personnel records incidents. OPM is working to implement this extended 10-year period.

  • What if I received a letter from CSID? Who is that and how am I impacted?
    • CSID is the company providing services to those impacted by the personnel records incident. All notifications related to the personnel data incident have been sent.

      Individuals impacted by the personnel records incident should have received their notification along with information about identify theft monitoring and restoration services. You may enroll through CSID’s website, or call CSID’s call center at 844-777-2743 (International callers: call collect at 512-327-0705) between 9:00 a.m. and 9:00 p.m. Eastern Time. To verify whether you were impacted by this incident or get additional assistance, please call CSID’s call center and an agent will be able to help you.

  • What should I do if I am concerned about identity theft?
  • What services are being offered to impacted individuals?
    • Individuals impacted by the background investigation records incident and their dependent minor children are entitled to the following services:

      • Identity monitoring
        Identity monitoring services includes monitoring of the internet and monitoring database sources including those pertaining to criminal records, arrest records, bookings, court records, pay day loans, bank accounts, checks, sex offender, change of address, and Social Security number trace. Please sign up with the service provider to access this benefit.
      • Credit monitoring
        This includes credit monitoring of credit reports at all three national credit reporting agencies (e.g., Experian, Equifax, and TransUnion). Please sign up with the service provider to access this benefit.
      • Identity restoration services
        If your identity is compromised, representatives from the service provider will work with you to take steps to restore your identity. You have access to this benefit at any time during the coverage period without having to enroll in monitoring services; however, to utilize the restoration services, impacted individuals will need to verify that they are eligible to access services with the service provider.
      • Identity theft insurance
        For those impacted by the cyber incident involving background investigation records, identity theft insurance has been provided to impacted individuals and their dependent minor children regardless of their enrollment status in other services. Identity theft insurance became effective on September 1, 2015 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. This insurance covers you for expenses incurred in restoring your identity with no deductible.

  • Why are deceased individuals being notified about the background investigation records incident?
    • Please accept our deepest sympathies on the loss of your loved one. The deceased were sent a notification letter because we have determined that their information was included in the intrusion. Our goal is to provide the information and tools to protect the deceased individual’s identity and credit, and that of any eligible dependent minor children.

      We are providing a comprehensive suite of identity theft protection and monitoring services. Each year, thieves steal the identities of nearly 2.5 million deceased Americans. To reduce the likelihood of any misuse, we are offering identify theft protection and credit monitoring services for deceased individuals who were impacted. Furthermore, for those impacted by the incident involving background investigation records, we are also offering any deceased individual’s dependent children who were under the age of 18 as of July 1, 2015, identity protection services. These services include identity monitoring, identity theft insurance, and identity restoration services.

  • What should next of kin do when they receive a notification letter about the background investigation records incident?
    • To protect against potential misuse, the deceased and any eligible dependents may be enrolled in the identity theft protection services at the OPM cybersecurity website using the 25--digit PIN code in the notification letter. Other personal information about the deceased, including the last four digits of the individual’s Social Security number, will be necessary to enroll. Please note that the 25-digit PIN code only includes numbers and does not include any letters or special characters.

  • Are dependent minor children of deceased individuals whose data were impacted by the background investigation records incident eligible for identity protection and restoration services?
    • Dependent minor children of deceased individuals whose data were impacted by the OPM cyber incident are eligible to receive identity protection and restoration services. The eligible dependent minor children of the deceased may be enrolled in these services at the OPM Cybersecurity Resource Center using the 25-digit PIN code in the notification letter. Other personal information about the deceased, including the last four digits of the individual’s Social Security number, will be necessary to enroll. Please note that the 25- digit PIN code only includes numbers and does not include any letters or special characters.

      For purposes of coverage, dependent minor children are defined as children of impacted individuals who were under the age of 18 as of July 1, 2015, even if they were not listed on the form. If individuals have difficulty enrolling in services on-line, please call the service provider at 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How can I further protect my deceased loved one’s identity?
    • Below are a few tips to reduce the risk of having a deceased person’s identity stolen:

      • Send the IRS a copy of the death certificate, which is used to flag the account to reflect that the person is deceased.
      • Send copies of the death certificate to each credit reporting bureau asking them to put a “deceased alert” on the deceased’s credit report. The addresses are: Experian, P.O. Box 4500, Allen, TX 75013; Equifax Information Services LLC Office of Consumer Affairs, P.O. Box 105139, Atlanta, GA 30348; and TransUnion LLC, P.O. Box 2000, Chester, PA 19022.
      • Review the deceased’s credit report for questionable credit card activity.
      • Avoid putting too much information in an obituary, such as birth date, address, mother’s maiden name or other personally identifying information that could be useful to identity thieves.

      More information to help you guard against identity theft is available on the IRS website. More tips to help protect a deceased person’s identify can also be found on the Identity Theft Center website; please type “deceased” in the search box.

  • What are my options if my information was not compromised? I don’t feel safe.
    • The Federal Government still recommends that you remain vigilant about protecting your identity and monitoring your credit even if we have concluded that your information was not impacted. There are several on-line resources available to assist you in protecting yourself:

      • For information about ways to protect yourself from identity theft, visit the Federal Trade Commission’s Identity Theft website.
      • For information about how to recover from identity theft, visit the Federal Government’s one-stop resource for identity theft victims at IdentityTheft.gov.
      • For information about what the Department of Justice is doing to stop identity theft fraud, visit the Department’s website.

  • What should I do if I have questions or concerns about my taxes?
    • You should contact the IRS or an independent tax advisor if you have questions related to your taxes.

  • What do I do if I experience suspicious activity related to my identity?
    • As part of the free identity protection services OPM is providing, you have access to services that will assist you, regardless of whether the suspicious or fraudulent activity is connected with the OPM incidents.

  • I received a suspicious call or communication. What can I do?
    • You will not receive an unsolicited phone call from OPM or the identity protection and credit monitoring service providers. However, we may reach out to a specific individual in response to a specific inquiry received from the individual or someone acting on his/her behalf. If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it.

  • What is the difference between CSID and MyIDCare?
    • In 2015, OPM discovered two separate but related cybersecurity incidents that have impacted the data of Federal government employees, contractors, and others. First, OPM discovered malicious cyber activity on its network resulting in the exposure of the personnel data of approximately 4.2 million current and former Federal government employees. Individuals impacted by this incident are being provided services through Winvale, which has partnered with CSID. Second, OPM discovered malicious cyber activity on its network resulting in the exposure of the background investigation records of approximately 21.5 million individuals, primarily current, former, and prospective Federal employees and contractors. Individuals impacted by this incident are being provided services through ID Experts’ service, called MyIDCare.

  • How much identity theft insurance coverage is being provided?
    • Should you wish to take action to restore your identity instead of taking advantage of the free identity theft restoration services being provided to you, identity theft insurance can help to reimburse you for certain expenses incurred if your identity is stolen.

      Insurance for the background investigations incident became effective on September 1, 2015 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. This insurance originally covered up to $1 million in expenses incurred in restoring identity with no deductible. Effective June 1, 2016, you are eligible to receive up to $5 million in identity theft insurance with no deductible.

      Insurance for the personnel records incident became effective on June 2, 2015 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. This insurance originally covered up to $1 million in expenses incurred in restoring identity with no deductible. Effective June 1, 2016, you are eligible to receive up to $5 million in identity theft insurance with no deductible.

      If you were impacted by the cyber incident involving background investigation records, you should make your claim(s) with ID Experts. If you were ONLY impacted by the cyber incident involving personnel data, you should make your claim with Winvale, which has partnered with CSID.

  • I forgot my Username / Email Address or Password for MyIDCare.
    • You may retrieve your password online. To retrieve a username, you will again need to call the call center at the number listed below.

      • Retrieve Password: You may retrieve your password online by clicking “Forgot password” on the login screen at https://opm.myidcare.com/login.
      • Retrieve Username: Effective mid-June 2016, members were prompted to change their User ID to their email address. The system requires each user to have a unique email address. For additional assistance, you may call the service provider at: 800-750-3004.

  • My browser is having trouble connecting with MyIDCare.
    • MyIDCare works with the latest versions of Internet Explorer, Google Chrome, and Mozilla Firefox web browsers. If your preferred browser is not working with MyIDCare, first try using a different browser; then try clearing your cache.

      If you are having difficulty accessing MyIDCare from a workplace network, please contact your office’s IT team to troubleshoot the matter.

  • When my free services expire, will I be automatically re-enrolled or forced to pay for anything?
    • At the end of your membership, it will expire and your membership will end. You will not be charged after your free membership expires, unless you choose to re-enroll on your own.

      In late 2015, the President signed into a law a provision which will extend identity protection coverage to a period of not less than 10 years for those who were impacted by the background investigation and personnel records incidents. OPM is working to implement the extended 10-year period.

  • Does enrolling in credit monitoring impact my credit score?
    • Inquiries for credit monitoring purposes will not affect your credit scores or lending decisions. Such inquiries are not shared with lenders and do not affect your credit scores. They only appear on your credit report when you get it through the credit monitoring service to which you subscribe, or when you request your report directly from the credit reporting company.

  • What is OPM doing to further strengthen its cybersecurity and review its processes?
    • In partnership with experts from the Department of Defense, Department of Homeland Security, Federal Bureau of Investigation and other Federal agency partners, continues to take action to strengthen its broader cyber defenses and information technology (IT) systems. Read more about OPM's Efforts to Strengthen Cybersecurity.

  • What is the government doing to protect my information elsewhere?

Have a FAQ that is not included on this page? Please email suggestions for additional FAQs to cybersecurity@opm.gov.

Control Panel