In response to OPM’s breach of our member’s Personal Identifying Information (PII) and release of other sensitive data, FLEOA prepared an informative bulletin to assist you and your family with taking proactive steps to prevent further abuse of your PII.
By now you should have received an email from OPM notifying you that your personal information may have been compromised. The email will come from firstname.lastname@example.org
and it will contain information regarding credit monitoring and identity theft protection services. Ensure that the email you received from OPM is from CSID and not a phishing attempt. To do this, check the address on your email header and ensure it reads email@example.com
. To be safe, launch a new window and then cut and paste firstname.lastname@example.org
into your new web browser and follow the instructions. Don’t fall into the false sense of security that that credit monitoring will protect you. It’s a good service and certainly one you should take advantage of, but there are additional services and resources you should also consider deploying. So what else can you do to protect your identity?
First, contact one of the three credit reporting bureaus Transunion (www.transunion.com
), Experian (www.experian.com
) and Equifax (www.equifax.com
) and report you are a victim of identity theft and request a FRAUD ALERT be placed on your record. Note: by law, you only need to contact one of the three. As soon as you place the fraud alert with one credit bureau, they have to notify the other two. Please keep in mind that a fraud alert is only valid for three (3) months and then you have to call them again and renew. A fraud alert works much the same way as credit monitoring – anytime someone queries your credit, either through a loan application or even checks your credit you are notified. There is no charge for this service.
Additionally, by law, you are entitled to receive one free credit report per year, per credit bureau. In effect, you can request 3 credit reports per year at no charge from each of the credit bureaus. FLEOA recommends that you request a new credit report every four (4) months for the next three to five years and then at least every six months for every year thereafter. If you notice an account that you or your spouse do not recognize, immediately notify the company that you are a victim of identity theft and you did not authorize the questionable account.
Another important step to consider is freezing your credit account. Unlike credit monitoring where you are simply notified of a credit query, a credit freeze will prevent anyone from using your SSN to obtain credit in your name. It also prevents anyone from reviewing your credit worthiness. The cost is $10 to freeze and another $10 to unfreeze. As with placing a fraud alert on your account, you only need to notify one of the three credit reporting bureaus. FLEOA recommends you to freeze your credit if you are not planning to purchase a car, a house or obtain credit cards in the next year or so. If you are planning on purchasing a car or house this year, you may want to consider waiting to freeze your credit until after you have completed your purchase.
Another option to consider is paying a fee for the credit bureaus to contact you via, text, email or phone anytime someone queries or uses your SSN to obtain credit. This provides instant real time feed back and allows you to respond immediately to any threat to your credit. Note: there is a fee for this service.
FLEOA also recommends you to set up a My SSA account through the Social Security Administration (http://www.ssa.gov/my
account). By setting up a My SSA account, you can access your work history and yearly earnings and ensure that only the wages you earned are showing up under your SSN. This helps prevent anyone from filing SSA claims in your name and working under your SSN without you knowing about it.
For additional information on how to protect yourself and your family from identity theft, visit the Federal Trade Commission at www.ftc.gov/idtheft
Someone mentioned this was a “Pearl Harbor Level Breach” sounds about right. If you applied for a clearance consider yourself compromised. Still they say nobody is at fault and no heads will roll.
Epic Fail is now the only level of performance we can expect from the G.
OF COURSE no “heads will roll” – nobody’s even gonna lose their bonus, much less their six-figure position. I’d be pretty cool with literal decapitation since I’m one of the folks whose lives are now in Chinese hands (and apparently HAVE BEEN for the better part of a YEAR).
I dumped the OPM email as soon as I got it. I’m not gonna expect the numbskulls who allowed this breach to “protect” me from its consequences. Screw me once…
Thank you! Good nuggets of advice from FLEOA. No, I do not trust ANYTHING from OPM, especially the lowest bid credit monitoring service being provided for a whole 18 months. Just for kicks, my OPM letter read the freebie service expires on…December 7, 2016. Well on the Brightside, this just highlights all the useless box checking I’ve had to do for DoD computer “Cybertraining”. Good times, good times. Hardly.
No one at my former unit has received any information or guidance about all this. This was straight from my squadron NCOIC’s of Security & HR. Their advice was similar to FLOEA’s, and they did say if they heard anything, they’d contact me.
My supervisor said he had heard that a couple of acquaintances from other agencies had received letters.
Everybody, however, did say that any Email contact was to be considered suspect.
So if I haven’t received an e-mail I am supposed to believe that my information hasn’t been compromised?
Thanks for this. I forwarded the information to several friends with current or recent security clearances.
By the way, don’t answer any calls from Chinese hookers. Just sayin’. :)
I’m an old timer and filled out the handwritten SF-86 (before1990), therefore I don’t expect to receive the warning message, based on what I’ve been told. But if you think that I feel safe from compromise from the Chinese or anyone else, you’re sadly mistaken.