Human Resources and Security Specialists should use this tool to determine the correct investigation level for any covered position within the U.S. Federal Government.
Visit this federal site to search for our regulatory notices, proposed and final rules.
See the latest tweets on our Twitter feed, like our Facebook pages, watch our YouTube videos, and page through our Flickr photos.
WASHINGTON, DC – The U.S. Office of Personnel Management (OPM) has identified a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information (PII).
Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM detected a cyber-intrusion affecting its information technology (IT) systems and data. The intrusion predated the adoption of the tougher security controls.
OPM has partnered with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to Federal personnel. OPM continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible. Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
As a result of the incident, OPM will send notifications to approximately 4 million individuals whose PII may have been compromised. Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary. In order to mitigate the risk of fraud and identity theft, OPM is offering credit report access, credit monitoring and identify theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services. This comprehensive, 18-month membership includes credit monitoring and $1 million in identity theft protection services at no cost to enrollees.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
OPM has issued the following guidance to affected individuals:
How to avoid being a victim:
Potentially affected individuals can obtain additional information about the steps they can take to avoid identity theft from the following agencies. The FTC also encourages those who discover that their information has been misused to file a complaint with them.
For California Residents:
Visit the California Office of Privacy
Protection (www.privacy.ca.gov) for
additional information on protection
against identity theft
For Kentucky Residents:
Office of the Attorney General of Kentucky
700 Capitol Avenue, Suite 118
Frankfort, Kentucky 40601
For Maryland Residents:
Office of the Attorney General of Maryland
Consumer Protection Division
200 St. Paul Place
Baltimore, MD 21202
For North Carolina Residents:
Office of the Attorney General of North Carolina
9001 Mail Service Center
Raleigh, NC 27699-9001
For all other US Residents:
Identity Theft Clearinghouse
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Our mission is to Recruit, Retain and Honor a World-Class Workforce to Serve the American People. OPM supports U.S. agencies with personnel services and policy leadership including staffing tools, guidance on labor-management relations and programs to improve work force performance.