The Office of Personnel Management has completed mailing notification letters to roughly 93% of individuals whose Social Security Number and other personal information was stolen in the data breaches announced by the agency over the summer. All told, it took OPM about 5 months to complete mailing the letters since the largest of two data breaches was announced.
OPM has been working with the Department of Defense to mail the letters and to set up and maintain the Cybersecurity Resource Center website.
When the site was first announced, OPM said that one of its features is that individuals can use it to find out whether or not their personal data was exposed in the breaches if they hadn’t already been notified by OPM. However, an announcement on the site requested that users wait until OPM had finished mailing the notification letters before requesting the verification.
In light of this announcement that the majority of the notification letters have been sent, OPM is giving the green light to start sending in verification requests. To learn more about how to do this, visit the Cybersecurity Resource Center website.
Individuals who think they may have been impacted can help OPM by sending in requests. The remaining 7% or so of individuals who haven’t been contacted is due largely to the agency not having current/valid addresses to which to send the letters. OPM said that additional letters will be mailed to the remaining impacted individuals as requests come through the verification center or if it can obtain valid addresses for letters returned to sender through the postal service.
The notification letters detail information on credit monitoring and identity theft protection services and insurance the U.S. Government is providing at no cost to the impacted individuals and their dependent minor children.
If you receive one of these letters, you should visit the Cybersecurity Resource Center website to compare the letter to the examples listed there to make sure it is authentic. The letter should direct you to OPM’s cybersecurity website at https://www.opm.gov/cybersecurity. Any email that asks for personal information, or any version of the letter that does not direct individuals to OPM’s cyber security website should be considered fraudulent and reported to local law enforcement as well as the Federal Trade Commission (FTC).