In April the Office of Personnel Management became aware of a cybersecurity breach that may have exposed the personnel records of current and former employees. During the investigation into that event, additional breaches were discovered into systems that handle information related to background investigations for jobs and security clearances.

According to the data breach guidance published by the Department of the Navy on June 26, it is believed that more than four million people may have been affected by the first incident. However, according to an article published on the DefenseOne website, “The OPM hack may have exposed as many as 18 million records of government employees and job applicants, including people who applied for — and received — top-secret clearances.”

OPM began notifying individuals affected by the first breach on June 8 via e-mail and First Class mail through the U.S. Postal Service. Notifications were suspended from June 11-15 while a more secure method of contacting people was developed, and notifications resumed on the afternoon of the 15th. Plans are still being developed regarding when and how to notify individuals affected by the second incident.

In an e-mail forwarded to many of the affected current employees, Danielle Han, deputy director of Human Resources and Organizational Management, said, “OPM is providing affected employees complimentary identity theft insurance free of charge for 18 months. Every affected individual, regardless of whether or not they explicitly take action to enroll with their PIN#, will have up to $1 million of identity theft insurance and access to full-service identity restoration provided by CSID until December 7, 2016.”

Employees and former employees are also being offered 18 months of free credit monitoring and need to follow the instructions provided in the mailed or e-mailed notifications to take advantage of it. The identity theft insurance is provided automatically.

As stated in the DON guidance, “Impacted employees may also call 1-844-777-2743” for more guidance, though they are likely to experience lengthy wait times and cannot actually register for the credit monitoring service over the phone; that can only be done online.

There is a great deal of speculation that the Chinese government may be behind the breaches. However, Adm. Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, says that is only an assumption at this point and was not able to make a definitive statement on who may be responsible.

— Writer: ebaker@quanticosentryonline.com