Click here to skip navigation
An official website of the United States Government.

Cybersecurity Resource Center Frequently Asked Questions

This section of the website will be updated with answers to questions that you have about these incidents and the notification process.

  • What happened
  • About the impacted information
  • Who has been impacted
  • Getting notified if your data was compromised
  • Protecting your identity
  • What happened during the OPM cybersecurity incidents announced in 2015?
    • In 2015, OPM announced malicious cyber activity on its network and identified two separate but related cybersecurity incidents that have impacted the data of Federal government employees, contractors, and others. First, OPM discovered malicious cyber activity on its network resulting in the exposure of the personnel data of approximately 4.2 million current and former Federal government employees. Second, OPM discovered malicious cyber activity on its network resulting in the exposure of the background investigation records of approximately 21.5 million individuals, primarily current, former, and prospective Federal employees and contractors.

  • Who responded to these incidents?
    • OPM partnered with the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation (FBI) to investigate and determine the potential impact of this incident.

  • What was included in a background investigation file?
    • In general, background investigation forms collect personal information, including Social Security numbers (SSN), for people occupying, or seeking to occupy, positions with the Federal government, in order to:

      • Check criminal histories
      • Validate background investigation applicants' education histories
      • Validate employment histories
      • Validate background investigation applicants' living addresses
      • Gain insight into the character and conduct of background investigation applicants, through reference checks

      In addition, some people occupying public trust or national security positions provide additional types of information that may include:

      • Personal information of a spouse or a cohabitant (including SSNs)
      • Personal information of parents, siblings, other relatives, and close friends (but does not include SSNs)
      • Foreign countries visited and individuals the applicant may know in those countries
      • Current or previous treatment for mental health issues
      • Use of illegal drugs
      • Previous places a background investigation applicant may have lived, worked, or attended school

      Some records also include findings from interviews conducted by background investigators. If your fingerprint data were compromised, your notification letter will contain this information. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also compromised.

      Note: While background investigation records may contain some information regarding mental health and financial history provided by applicants and sources contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

  • What is a background investigation?
    • OPM conducts background investigations to assist agencies in determining whether an individual is trustworthy, reliable, and of good conduct and character for a position with the Federal Government.

      OPM conducts investigations of certain individuals who will occupy positions that could impact national security, including positions requiring access to classified national security information. The amount of information requested depends on the risk to the public trust, the impact on the national security, and whether an individual has a job that requires access to classified national security information. To see the different forms, select the corresponding forms: SF-86 (PDF file), SF-85 (PDF file), or SF-85P (PDF file).

      In general, background investigation forms collect personal information, including Social Security numbers (SSN), for people occupying, or seeking to occupy, positions with the Federal government, in order to:

      • Check criminal histories
      • Validate background investigation applicants' education histories
      • Validate employment histories
      • Validate background investigation applicants' living addresses
      • Gain insight into the character and conduct of background investigation applicants, through reference checks

      In addition, some people occupying public trust or national security positions provide additional types of information that may include

      • Personal information of a spouse or a cohabitant (including SSNs)
      • Personal information of parents, siblings, other relatives, and close friends (but does not include SSNs)
      • Foreign countries visited and individuals the applicant may know in those countries
      • Current or previous treatment for mental health issues
      • Use of illegal drugs

      For public trust and national security investigations, other information may be collected related to parents, siblings, other relatives, close friends, and previous places a background investigation applicant may have lived, worked, or attended school. This information is used to interview employers, friends, and neighbors about the applicant, his or her conduct, and personal history, and to conduct local law enforcement checks at previous locations lived.

  • Was I impacted by the background investigation records incident announced in 2015?
    • The Social Security numbers of approximately 21.5 million individuals were impacted by the 2015 background investigation records incident. This includes approximately 19.7 million individuals who applied for background investigations, and 1.8 million non-applicants (predominantly spouses or co-habitants of applicants).

      Most of those who were impacted have received a letter informing them that their data were impacted and providing a 25-digit PIN code that enables individuals to sign up for free identity theft monitoring services. If you did not receive a letter but believe your data may have been impacted, OPM has partnered with the Department of Defense to establish a Verification Center. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the background investigation records incident, you will receive a letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. This letter may take up to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving your letter.

      If you underwent a background investigation through OPM in the year 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that you were impacted by this cyber incident. If you underwent a background investigation prior to the year 2000, you may be impacted, but it is less likely. If you are one of the following, you may have been impacted:

      • Current or former Federal government employee
      • Member of the Military, or Veteran
      • Current or former Federal contractor
      • Job candidate required to complete a background investigation before your start date
      • Spouse or co-habitant of any of the above groups

  • Who else in my family or other networks is affected by the background investigation records incident announced in 2015? How can I determine who these people are?
    • When you submitted your background investigation form, you likely provided the name, address, date of birth, or other similar information of close contacts. These individuals could include immediate family members, co-habitants, or other close contacts.

      In many cases, the information about these individuals is the same as information generally available in public forums, such as online directories or social media, and therefore the compromise of this information generally does not present the same level of risk of identity theft or other issues. However, if the Social Security number of any of these individuals was included in the cyber incident, the individual should have received a separate notification letter from OPM.

  • Am I impacted by the incident involving personnel records announced in 2015?
    • Current or former Federal employees may have been impacted by the incident involving personnel records (approximately 4.2 million current and former Federal employees have been impacted). Contractor employees were not impacted, unless they were also current or former Federal employees.

      Approximately 3.6 million You should have already received a notification if you were impacted by this incident. Notifications have been sent to those impacted. If you have not received a notification and think you may be impacted, please visit the Verification Center verify if you were impacted, and sign up for services.

  • How are Federal retirees impacted?
    • If you underwent a background investigation in the year 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P), it is highly likely that you were impacted by the 2015 background investigation record incident. This could include Federal retirees. Individuals who submitted this information prior to the year 2000 may be impacted, but it is less likely. Most of those who were impacted have received a notification letter. If you did not receive a notification letter but believe your data may have been impacted, you may contact the Verification Center.

      OPM has sent separate notifications to retirees who may have been impacted by the 2015 personnel records incident.

  • How many people were impacted in the background investigation records incident announced in 2015?
    • The impacted population is approximately 21.5 million individuals. OPM and the interagency incident response team concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was compromised in the background investigation incident. Approximately 5.6 million individuals’ impacted records included fingerprint data.

  • What if I believe that I was impacted, but I haven’t received a notification letter or PIN?
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the 2015 cyber incidents, you will receive a letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. This letter may take up to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://opmverify.dmdc.osd.mil/ For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • Was my spouse/partner/family member’s personal information impacted by the 2015 cyber incidents?
    • Spouses, partners and family members were not impacted by the 2015 personnel records incident, unless they were also current or former Federal employees. They may have been impacted by the 2015 background investigation records incident. Some background investigation forms ask for the Social Security number (SSN) of your spouse or co-habitant. If that is the case, your spouse or co-habitant also received a notification and will be able to sign up for services. SSNs were not required for all spouses or cohabitants on other forms. In all other cases, SSNs were not required for other family members. Information you may have provided about other family members includes name, address, date of birth, or other similar information that may have been listed on a background form. In many cases, this information is the same as what is generally available in public forums such as online directories or social media, and therefore generally does not present the same level of risk of identity theft or other issues as with a Social Security number.

      OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the 2015 cyber incidents, you will receive a letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. This letter may take up to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • When did OPM send notification letters?
    • Notification letters were mailed in the fall of 2015. OPM was able to remail certain letters in the summer of 2016 that were previously returned as undeliverable, after making an effort to obtain updated address information. OPM also mailed notification letters about the service provider change to those who were only impacted by the personnel records incident in November and December 2016.

      OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who believe that their data may be impacted but have not received a notification letter. You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance in entering your information, you may call the Verification Center call center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern time.

  • What is the Verification Center?
    • The Federal Government set up a Verification Center to assist individuals who believe their data may have been impacted by the 2015 incidents, but who have not received a letter. The Verification Center will also assist individuals who received a letter notifying them that their data had been impacted by the cyber incidents, but who have lost the PIN code included in that letter, and would like to have a copy of their letter resent. The PIN code is needed to register for services.

  • How can I access the Verification Center?
    • You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • What kind of information will I need to provide the Verification Center?
    • You will be asked for your information such as your name, address, Social Security number, and date of birth. You will also be asked for an email address in case the Verification Center needs to contact you. This information will be used to determine whether your data were impacted by the cyber incident involving background investigation records.

  • How will I receive an answer to my question once I have submitted my information to the Verification Center?
    • If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the 2015 cyber incidents, you will receive a letter that will list your 25-digit PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. Your response letter may take up to four weeks to arrive through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • My browser is having trouble connecting with the Verification Center.
    • The Verification Center works with the latest versions of Internet Explorer, Google Chrome, and Mozilla Firefox web browsers. If your preferred browser is not working with the Verification Center, first try using a different browser; then try clearing your cache.

      If you are having difficulty accessing the Verification Center from a workplace network, please contact your office’s IT team to troubleshoot the matter.

  • Why does it take up to four weeks to receive my notice from the Government?
    • The Government estimates that each individual submitting a verification request to determine if his/her data were impacted by the 2015 cyber incidents will receive a reply within approximately four weeks of submitting his/her request. The four week period is an estimate, which may vary based on the quantity of requests received. The identity confirmation process used by the Verification Center has been developed to protect an individual’s personal information. In order to protect personal information, after an individual submits his/her information, it will be matched against the information within a separate government database. The Government will print and mail notification letters via the U.S. Postal Service. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • Why do I need a PIN?
    • The government has not provided any personally identifiable information to the service provider that is providing identity theft protection and credit monitoring services for the 2015 cyber incidents. Each notification letter for impacted individuals contains a 25-digit PIN code. This PIN code is used in conjunction with the last four digits of your Social Security number to validate an impacted individual’s eligibility to receive government-provided identity protection services.

  • What if I believe that I was impacted, but I haven’t received a notification letter or PIN?
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may have been impacted in the 2015 cyber incidents, but have not received a notification letter. If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the cyber incidents, you will receive a letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. This letter may take up to four weeks to arrive by mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • I need my notification letter with PIN code sent to a different address. What can I do?
    • If you believe that your data were impacted by the 2015 cyber incidents, but have not received a notification letter, you can contact the Verification Center to provide your current address where your letter will be mailed. Please note that your address will not be updated in any other government database.

  • The Verification Center website is telling me "There are errors on the form." What should I do?
    • The Federal Government has set up a Verification Center to assist individuals who believe their data were impacted by the 2015 cyber incident involving background investigation records. If there are asterisks next to the line in which you are entering your information, then there is an error with the information that you are entering. Errors typically occur because of incorrect formatting or characters that are not allowed in that field as specified on the form. As you type your information, a message will appear if you make a formatting error. This message will provide you with guidance on the proper format for that line. You will not be able to submit your information until that line is fixed. If you are still having difficulty submitting your information online, you can contact the call center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How do I know the Verification Center website is secure?
    • The Verification Center website was developed with our partners at the Department of Defense to securely protect your personal information. It has gone through a rigorous review and certification process to provide appropriate security protections. Continuous monitoring of the safety and security of the website has also been implemented.

  • Why can’t I find out my PIN code when I enter my information on the Verification Center website?
    • Once you provide your name, address, Social Security number, and date of birth, your information must be checked against the government’s database to determine whether your Social Security number was included in the 2015 cyber incidents. To provide additional security, the data used to determine whether your data were impacted is stored in another system that is not accessible from the Internet. This offline database check process was designed to protect your personal information.

  • Why can’t the agent on the phone tell me if I am impacted, or the address you have for me?
    • Once you provide your name, address, Social Security number, and date of birth, your information must be checked against the government’s database to determine whether your Social Security number was included in the 2015 cyber incidents. For security and privacy purposes, the call center agents do not have access to the database. Call center agents assist individuals who need help entering their personal information into the system. After submitting your information, your response letter may take up to four weeks to arrive through the mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

  • How do I enroll in credit monitoring and identity monitoring services?
    • If you have already received your letter and 25-digit PIN code, you can go to the Cybersecurity Resource Center and select the “Enroll with the Service Provider” button. If you would prefer to enroll in services with a call center agent, please call 800-750-3004 Monday through Saturday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • I have a post-enrollment question.
    • If you have already enrolled and have questions or concerns about your post-enrollment services, you may call 800-750-3004 Monday through Saturday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • What are my options if my information was not compromised? I don’t feel safe.
    • The Federal Government still recommends that you remain vigilant about protecting your identity and monitoring your credit even if we have concluded that your Social Security number was not included in the 2015 cyber incidents. There are several on-line resources available to assist you in protecting yourself:

  • I received a letter notifying me that I was impacted by the cyber incidents annnounced in 2015, but my PIN code doesn’t work. What should I do?
    • You should be able to sign up for services by selecting the link on the OPM Cybersecurity Resource Center website. To enroll in services, you will need to enter your 25-digit PIN code when prompted. Please note that the 25-digit PIN code is broken up into five boxes within the notification letter in order to make it easier to read. The PIN code only includes numbers and does not include any letters or special characters.

      If your PIN code does not work at first, please attempt to carefully re-enter it to ensure that it is not being mistyped. If your PIN code still does not work, please contact the Verification Center.

  • My letter was addressed using my initials, a nickname, a previous address, etc. Why?
    • The Government has attempted to locate the best address for individuals impacted by the 2015 cyber incidents. Due to the nature of this data in our systems, unfortunately some letters have been mailed with old addresses or names.

      If you believe you are the intended recipient of the letter, you may enroll using the provided 25-digit PIN code in conjunction with the last four digits of your Social Security number. To access the webpage to enroll in services, please visit the OPM Cyber Security Resource Center at https://www.opm.gov/cybersecurity and select the "Enroll with Service Provider" link. If you believe your data may have been impacted by the cyber incidents but do not believe the letter you received was intended for you, please visit the Verification Center. Through the Verification Center, you may verify if you were impacted. Your response letter may take up to four weeks to arrive through the mail. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • Who is the service provider for the background investigation and personnel records incidents announced in 2015?
    • The service provider is Identity Theft Guard Solutions, LLC, doing business as ID Experts, a data breach response and identity protection company. ID Experts will provide impacted individuals with a comprehensive suite of identity theft protection and monitoring services.

      Before awarding the contracts to ID Experts, an inter-gency, inter-disciplinary group of subject matter experts, including security and privacy representatives from the Department of Homeland Security, Department of Defense, Federal Trade Commission, and other agencies, carefully drafted requirements that the selected vendor would address. OPM and Department of Defense also took additional steps to enhance the security of information needed to enroll in services. The selected vendor demonstrated compliance with National Institute for Standards and Technology privacy and other security requirements as outlined in the performance work statement. The selected vendor also provided system security plans and will support onsite security inspections by the Government at any location where protected information is collected, stored, or used.

  • What is MyIDCare?
    • MyIDCare is the brand name of ID Experts’ identity-monitoring product being offered to you if you were impacted by the 2015 cyber incidents.

  • Do individuals impacted by the 2015 cyber incidents need to register for identity protection services?
    • For those impacted by the background investigations incident, identity theft insurance and identity restoration coverage began on September 1, 2015. For those impacted only by the personnel records incident, identity theft insurance and identity restoration coverage with ID Experts began on December 2, 2016. Previously, those impacted only by the personnel records incident had coverage with Winvale / CSID. However, to take advantage of these services, impacted individuals first need to verify with the service provider that they are eligible to access services.

      Identity and credit monitoring begins immediately upon enrollment. Impacted individuals will be able to enroll themselves and their dependent minor children in credit monitoring and identity monitoring services once they receive their notification and 25-digit PIN code.

  • When will identity protection services begin and end for individuals impacted by the 2015 background investigation records and personnel records incidents?
    • For those impacted by the background investigations incident, identity theft insurance and identity restoration coverage began on September 1, 2015. For those impacted only by the personnel records incident, identity theft insurance and identity restoration coverage with ID Experts began on December 2, 2016. Previously, those impacted only by the personnel records incident had coverage with Winvale / CSID.

      However, to take advantage of these services, impacted individuals first need to verify that they are eligible for services. Identity and credit monitoring begins immediately upon enrollment. Impacted individuals will be able to enroll themselves and their dependent minor children in credit monitoring and identity monitoring services once they receive their notification and 25-digit PIN code.

      In accordance with the Consolidated Appropriations Act of 2017, Public Law No. 115-31, OPM will continue to facilitate the provision of identity theft coverage to individuals impacted by the 2015 cyber incidents for a period not less than 10 years and includes not less than $5 million in identity theft insurance. The extended services will cover individuals through Fiscal Year 2026.

      The contracts for identity monitoring with ID Experts for individuals impacted by the 2015 background investigation records and personnel records incidents are set to expire in December 2018. OPM is working to implement the extended coverage period.

  • Are “dependent minor children” of individuals impacted in the 2015 cyber security incidents being covered and how are you defining “dependent minor children?”
    • Although the Social Security numbers of children were not requested on background investigation forms, dependent minor children of impacted individuals are also eligible to receive the suite of services. For purposes of coverage, dependent minor children are defined as children of impacted individuals who were under the age of 18 as of July 1, 2015.

  • For individuals impacted by the 2015 cyber incidents, how are you going to work with the service provider to protect our personally identifiable information (PII) data?
    • The contract requirements for the contracts with ID Experts - including security requirements - were carefully drafted by an inter-disciplinary group of subject matter experts, including security and privacy representatives from the Department of Homeland Security, Department of Defense, Federal Trade Commission, and other agencies. The service provider selected to provide identity theft protection and credit monitoring services, demonstrated compliance with National Institute for Standards and Technology privacy and other advanced security requirements, and provided system security plans. The Government has conducted onsite security inspections at any location where protected information is collected, stored, or used and will continue to do so.

  • How will I receive my notification for the 2015 cyber incidents if my address has changed?
    • OPM attempted to obtain the best available address for individuals using government and commercial sources. If you believe you may have been impacted but did not receive a letter, we have partnered with the Department of Defense to establish a Verification Center. You can contact the Verification Center to provide your current address where your letter will be mailed. Please note that your address will not be updated in any other government database.

      The Verification Center may be accessed through a link at https://opmverify.dmdc.osd.mil/. Or, you may call 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m., Eastern Time, and ask to speak to an agent. Your response letter may take up to four weeks to arrive through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      Please note that the service provider can enroll individuals with a PIN code, but for security and privacy purposes, the service provider cannot verify whether or not an individual’s data may have been impacted or enroll individuals without a PIN.

  • Why are you not providing services to family members who are on the background investigation form?
    • In many cases, the information about these individuals is the same as what is generally available in public forums such as online directories or social media, and therefore generally does not present the same level of risk of identity theft or other issues. However, if your family member’s Social Security number was included in the compromised data, that individual should have received a separate notification letter and PIN code.

  • If I receive a communication from someone representing themselves as a government agent of some kind, how should I react?
    • You will not receive an unsolicited phone call from OPM or the identity protection and credit monitoring service providers. If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it. However, we may reach out to a specific individual in response to a specific inquiry received from the individual or someone acting on his/her behalf.

  • I lost my notification about the 2015 cyber incidents.
    • OPM has partnered with the Department of Defense to establish a Verification Center to assist individuals who have either lost their 25-digit PIN code, or who believe that their data may be impacted but have not received a notification letter.

      If you contact the Verification Center and we determine that your Social Security number and other personal information were included in the 2015 cyber incidents, you will receive a letter that will list your PIN code and give you enrollment instructions. After we have compared the identity data that you provided to us with our records, if we conclude your Social Security number was not compromised in the incidents, you will receive a letter with that information. Your response letter may take up to four weeks to arrive through the U.S. Postal Service to the address you provided on the website or shared with a call center agent. If you submit your information more than once during a six-week period, this may cause a delay in receiving a letter.

      You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance in entering your information, you may call the Verification Center call center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00p.m. Eastern Time.

  • How will I know if my fingerprint information was impacted?
    • Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the 2015 background investigation records incident, the subset of individuals whose fingerprints were included is approximately 5.6 million. If OPM determined that your fingerprint data were likely included in the cyber incident, your notification letter will include this information.

  • I’ve never worked for the Government. Why did I receive a letter?
    • Some individuals who never worked for the Government were impacted by the 2015 cyber incidents, including spouses or co-habitants of applicants, contractors, and certain other individuals who submitted information to the Government in connection with a background check.

      The Federal Government has set up a Verification Center to assist individuals who believe their data were impacted by the 2015 cyber incidents. You may access the Verification Center at https://opmverify.dmdc.osd.mil/. For those needing assistance with submitting your information, you may call the Verification Center at 866-408-4555 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How long does the coverage last?
    • In accordance with the Consolidated Appropriations Act of 2017, Public Law No. 115-31, OPM will continue to facilitate the provision of identity theft coverage to individuals impacted by the 2015 cyber incidents for a period not less than 10 years and includes not less than $5 million in identity theft insurance. The extended services will cover individuals through Fiscal Year 2026.

      The contracts for identity monitoring with ID Experts for individuals impacted by the 2015 background investigation records and personnel records incidents are set to expire in December 2018. OPM is working to implement the extended coverage period.

  • Why do I have to give personal information upon enrollment? Don’t you already have my personal information?
    • The government has not provided any personally identifiable information to the service provider. Each notification letter for impacted individuals contains a 25-digit PIN code. This PIN code is used in conjunction with the last four digits of your Social Security number and is needed to validate an impacted individual’s eligibility to receive government-provided identity protection services.

  • Why did My Dependent Minor Child Receive a Letter?
    • If your dependent minor child’s Social Security number was listed on your background investigation form or your dependent minor child filled out a background investigation form for an internship or job, he/she may have been impacted by the 2015 cyber incident involving background investigation records. As a result, he/she would have received a mailed notification letter and 25-digit PIN code. He/she may register for services by selecting the "Enroll with Service Provider" link from the OPM Cyber Security Resource Center at https://www.opm.gov/cybersecurity or by calling the service provider at 800-750-3004 Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • My dependent child is now an adult and over 18. How does he/she enroll for services?
    • Your dependent child will need to sign up for his/her own coverage on or following his/her 18th birthday and can do so by calling the service provider at 800-750-3004 Monday through Saturday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

      Because most minors may not have sufficient credit history to secure their own credit, they may not have credit authorization questions that they can answer to further verify their identity and access the credit monitoring portion of the product. If this is the case, please call the service provider and an agent can enroll him/her in the non-credit monitoring product. The service provider will provide identity restoration services regardless of whether the individual enrolls in the credit or non-credit monitoring services.

  • What should I do if I cannot answer the enrollment questions?
    • Credit monitoring and identity protection services verify your identity by asking a series of questions generated by a credit reporting bureau that only you should be able to answer. The service provider uses the answers you provide and matches it against answers provided by the credit reporting bureau.

      These questions are generated by the credit reporting bureau and cannot be customized by the website or call center agent, nor does the call center agent have any information pertaining to these questions. If you are unable to successfully answer the enrollment questions, you may need to wait for a period of time and then try the process again. If you encounter ongoing issues, you may call the identity protection and credit monitoring service provider for assistance.

  • Does ID Experts provide a mailed alternative?
    • The most efficient way an impacted individual can access their credit monitoring and identity protection and services is through the MyIDCare online web portal, which is accessible 24 hours a day, 7 days a week. However, if you received a notification letter with your 25-digit PIN code, you may request ID Experts can to provide you with MyIDCare mailed alternative notifications via the U.S. Postal Service. The mailed alternative is may be offered to you in addition to your online portal access. To request to enroll in the mailed alternative, please call the service provider at 800-750-3004 and a representative will be able to assist you.

  • Can I enroll if I have a credit freeze with the credit bureaus?
    • Most credit monitoring services verify your identity at enrollment by matching information provided to them by you with information provided by credit bureaus. If you currently have a freeze on your credit report, it is possible that you may not be able to complete the account creation process until the freeze is lifted.

      ID Experts uses Experian as the credit bureau which it uses to verify your identity. Therefore, if you have placed freezes on your credit report with the credit bureaus, you only need to remove the credit freeze with Experian in order to be able to enroll with services with ID Experts. Once successfully enrolled, you may choose to refreeze your credit with Experian.

      You may unfreeze, and refreeze, your credit directly with Experian at:

      For more information on credit freeze please visit the Federal Trade Commission Website.

  • I live overseas. Why do I need a valid U.S. Address to enroll with the service provider?
    • You will need a valid U.S. address to enroll in services because some of the specific services require this information for activation, such as Sex Offender and Change of Address monitoring. If you do not have a current U.S. address, we recommend you use your most recent U.S. address or a relative’s address. Please know that our system allows for APO, DPO, or FPO addresses to be entered.

  • I have an APO, DPO, or FPO address, can I enroll?
    • Yes, the system allows for an APO, FPO, or DPO address.

  • Is there a cost to enroll?
    • Services are being provided at no cost to the individual.

  • Can sex offender alerts be ceased?
    • Yes, the sex offender alerts can be ceased. Please call the service provider at 800-750-3004 and a representative will be able to assist you. Please note that the removal of these alerts will take 24 to 48 hours and the removal will not impact the credit monitoring features of your membership. Once you cease the sex offender alerts, it cannot be undone.

  • What if I received a notification letter to enroll with ID Experts? Who is that and how am I impacted?
    • ID Experts is the company providing services to those impacted by the 2015 background investigation and personnel records incidents.

      Individuals impacted by the 2015 cyber incidents should have received their notification along with information about identify theft monitoring and restoration services. You may enroll with the service provider by selecting the "Enroll with Service Provider" link from the OPM Cyber Security Resource Center at https://www.opm.gov/cybersecurity or by calling the service provider at 800-750-3004 Monday through Saturday, between 9:00 a.m. and 9:00 p.m. Eastern Time. To verify whether you were impacted by this incident, please visit the Verification Center verify if you were impacted, and sign up for services.

  • What should I do if I am concerned about identity theft?
  • What services are being offered to impacted individuals?
    • Individuals whose data were impacted by the 2015 cyber incidents and their dependent minor children are entitled to the following services:

      • Identity monitoring
        Identity monitoring services include monitoring internet and monitoring database sources including those pertaining to criminal records, arrest records, bookings, court records, pay day loans, bank accounts, checks, sex offender, change of address, and Social Security number trace. These services are also available to your dependent minor children who were under the age of 18 before July 1, 2015. Please enroll with the service provider to access this service.
      • Credit monitoring
        Credit monitoring services include monitoring credit reports at all three national credit reporting agencies (e.g., Experian, Equifax, and TransUnion). Please enroll with the service provider to access this service.
      • Identity restoration services
        If your identity is compromised, representatives from the service provider will work with you to take steps to restore your identity. You and your minor dependent children have access to this benefit at any time during the coverage period without having to enroll in monitoring services; however, to utilize the restoration services, impacted individuals will need to verify that they are eligible to access services with the service provider.
      • Identity theft insurance
        Identity theft insurance is being provided to impacted individuals and their dependent minor children regardless of whether they enroll in monitoring services. For those impacted by the background investigations incident, identity theft insurance became effective on September 1, 2015. For those impacted by the personnel records incident, identity theft insurance became effective on December 2, 2016. The coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. It also covers you for expenses incurred in restoring your identity with no deductible.

  • Why are deceased individuals being notified?
    • Please accept our deepest sympathies on the loss of your loved one. The deceased were sent a notification letter because we have determined that their information was included in the 2015 cyber incidents. Our goal is to provide the information and tools to protect the deceased individual’s identity and credit, and that of any eligible dependent minor children.

      We are providing a comprehensive suite of identity theft protection and monitoring services. Each year, thieves steal the identities of nearly 2.5 million deceased Americans. To reduce the likelihood of any misuse, we are offering identify theft protection and credit monitoring services for deceased individuals who were impacted. Furthermore, for those impacted by the cyber incidents, we are also offering any deceased individual’s dependent children who were under the age of 18 as of July 1, 2015, identity protection services. These services include identity monitoring, identity theft insurance, and identity restoration services.

  • What should next of kin do when they receive a notification letter?
    • To protect against potential misuse, the deceased and any eligible dependents may be enrolled in the identity theft protection services at the OPM cybersecurity website using the 25-digit PIN code in the notification letter. Other personal information about the deceased, including the last four digits of the individual’s Social Security number, will be necessary to enroll. Please note that the 25-digit PIN code only includes numbers and does not include any letters or special characters.

  • Are dependent minor children of deceased individuals whose data were impacted eligible for identity protection and restoration services?
    • Dependent minor children of deceased individuals whose data were impacted by the 2015 cyber incidents are eligible to receive identity protection and restoration services. The eligible dependent minor children of the deceased may be enrolled in these services at the OPM Cybersecurity Resource Center using the 25-digit PIN code in the notification letter. Other personal information about the deceased, including the last four digits of the individual’s Social Security number, will be necessary to enroll. Please note that the 25- digit PIN code only includes numbers and does not include any letters or special characters.

      For purposes of coverage, dependent minor children are defined as children of impacted individuals who were under the age of 18 as of July 1, 2015, even if they were not listed on the form. If individuals have difficulty enrolling in services on-line, please call the service provider at 800-750-3004 Monday through Saturday, between 9:00 a.m. and 9:00 p.m. Eastern Time.

  • How can I further protect my deceased loved one’s identity?
    • Below are a few tips to reduce the risk of having a deceased person’s identity stolen:

      • Send the IRS a copy of the death certificate, which is used to flag the account to reflect that the person is deceased.
      • Send copies of the death certificate to each credit reporting bureau asking them to put a “deceased alert” on the deceased’s credit report. The addresses are: Experian, P.O. Box 4500, Allen, TX 75013; Equifax Information Services LLC Office of Consumer Affairs, P.O. Box 105139, Atlanta, GA 30348; and TransUnion LLC, P.O. Box 2000, Chester, PA 19022.
      • Review the deceased’s credit report for questionable credit card activity.
      • Avoid putting too much information in an obituary, such as birth date, address, mother’s maiden name or other personally identifying information that could be useful to identity thieves.

      More information to help you guard against identity theft is available on the IRS website. More tips to help protect a deceased person’s identify can also be found on the Identity Theft Center website; please type “deceased” in the search box.

  • What are my options if my information was not compromised? I don’t feel safe.
    • The Federal Government still recommends that you remain vigilant about protecting your identity and monitoring your credit even if we have concluded that your information was not impacted. There are several on-line resources available to assist you in protecting yourself:

      • For information about ways to protect yourself from identity theft, visit the Federal Trade Commission’s Identity Theft website.
      • For information about how to recover from identity theft, visit the Federal Government’s one-stop resource for identity theft victims at IdentityTheft.gov.
      • For information about what the Department of Justice is doing to stop identity theft fraud, visit the Department’s website.

  • What should I do if I have questions or concerns about my taxes?
    • You should contact the IRS or an independent tax advisor if you have questions related to your taxes.

  • What do I do if I experience suspicious activity related to my identity?
    • As part of the free identity protection services OPM is providing, you have access to services that will assist you, regardless of whether the suspicious or fraudulent activity is connected with the OPM incidents.

  • I received a suspicious call or communication. What can I do?
    • You will not receive an unsolicited phone call from OPM or the identity protection and credit monitoring service providers. However, we may reach out to a specific individual in response to a specific inquiry received from the individual or someone acting on his/her behalf. If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it.

  • How much identity theft insurance coverage is being provided?
    • Should you wish to take action to restore your identity instead of taking advantage of the free identity theft restoration services being provided to you, identity theft insurance can help to reimburse you for certain expenses incurred if your identity is stolen.

      Insurance for the 2015 background investigation records incident became effective on September 1, 2015 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. This insurance originally covered up to $1 million in expenses incurred in restoring identity with no deductible. Effective June 1, 2016, you are eligible to receive up to $5 million in identity theft insurance with no deductible.

      Insurance for those whose data were impacted only by the 2015 personnel records incident became effective on December 2, 2016 and the scope of this coverage includes all incidents of identity theft that occur during the coverage period, regardless of the source. You are also eligible to receive up to $5 million in identity theft insurance with no deductible.

  • I forgot my Username / Email Address or Password for MyIDCare.
    • You may retrieve your password online. To retrieve a username, you will again need to call the call center at the number listed below.

      • Retrieve Password: You may retrieve your password online by clicking “Forgot password” on the login screen at https://opm.myidcare.com/login.
      • Retrieve Username: Effective mid-June 2016, members were prompted to change their User ID to their email address. The system requires each user to have a unique email address. For additional assistance, you may call the service provider at: 800-750-3004.

  • My browser is having trouble connecting with MyIDCare.
    • MyIDCare works with the latest versions of Internet Explorer, Google Chrome, and Mozilla Firefox web browsers. If your preferred browser is not working with MyIDCare, first try using a different browser; then try clearing your cache.

      If you are having difficulty accessing MyIDCare from a workplace network, please contact your office’s IT team to troubleshoot the matter.

  • When my free services expire, will I be automatically re-enrolled or forced to pay for anything?
    • At the end of your membership, it will expire and your membership will end. You will not be charged after your free membership expires, unless you choose to re-enroll on your own.

      The contracts for identity monitoring with ID Experts for individuals impacted by the background investigation records and personnel records incidents are set to expire in December 2018. OPM is working to implement the extended coverage period.

  • Does enrolling in credit monitoring impact my credit score?
    • Inquiries for credit monitoring purposes will not affect your credit scores or lending decisions. Such inquiries are not shared with lenders and do not affect your credit scores. They only appear on your credit report when you get it through the credit monitoring service to which you subscribe, or when you request your report directly from the credit reporting company.

  • I think I was impacted by the 2015 OPM cybersecurity incidents and was also impacted by another data breach at a different organization. Will OPM services cover me for identity theft that occurs because of this different data breach?
    • Individuals receiving services OPM is offering through ID Experts are covered for all incidents of identity theft that occur during the period of coverage, regardless of the source.

Have a FAQ that is not included on this page? Please email suggestions for additional FAQs to cybersecurity@opm.gov.

Control Panel