The Office of Personnel Management has released more information about the recent cybersecurity attack and now says that more systems than previously thought have also been compromised.
The memo below put out by OPM on June 15 says that the additional systems that were compromised contain information related to the background investigations of current, former, and prospective Federal government employees, as well as other individuals for whom a Federal background investigation was conducted.
For more information about the breach announced on June 4th referenced by the memo below, see Information From OPM About Cyber Attack.
Through the course of the ongoing investigation into the cyber intrusion that compromised personnel records of current and former Federal employees announced on June 4, OPM has recently discovered that additional systems were compromised. These systems included those that contain information related to the background investigations of current, former, and prospective Federal government employees, as well as other individuals for whom a Federal background investigation was conducted.
This separate incident – like the one that was announced on June 4th affecting personnel information of current and former federal employees – was discovered as a result of OPM’s aggressive efforts to update its cybersecurity posture, adding numerous tools and capabilities to its network.
OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) are working as part of this ongoing investigation to determine the number of people affected by this separate intrusion. OPM will notify those individuals whose information may have been compromised as soon as practicable. OPM will provide updates when we have more information on how and when these notifications will occur.
OPM remains committed to improving its security capabilities and has invested significant resources in implementing tools to strengthen its security barriers. Additionally, the Office of Management and Budget (OMB) has instructed Federal agencies to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks.
For those individuals potentially affected by the incident announced on June 4 regarding personnel information, OPM is offering affected individuals credit monitoring services and identity theft insurance in order to mitigate the risk of fraud and identity theft with CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM. Additional information is available on the company’s website, and by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705).
Protecting the integrity of the information OPM maintains is the agency’s highest priority. OPM continually evaluates our IT security protocols to make sure that sensitive data is protected to the greatest extent possible, across all networks. Because cybercrime is an evolving and pervasive threat, we are continuously working to identify and mitigate threats when they occur. The following are some key reminders of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.