Remember the massive data breach at the federal government’s HR office, the Office of Personnel Management?
Well, finally after just 10 short months, the 21.5 million Americans whose information was ripped off are being notified that they are victims of a failure of our cybersecurity. About 600,000 notification letters will begin rolling out daily that which will include an offer to enroll in no-cost credit monitoring of services, identity theft insurance, and identity restoration services for the next three years reportedly.
If only this had come in January or March of this year – soon after the data breaches – rather than October. Then again OPM didn’t come clean about having been hacked until this June and has been slow to investigate. Because the hack is so sweeping it will take weeks for every person to be notified going well into November.
OPM is so disorganized that they will randomly be sending the letters – not alphabetically or in agency order. That means you may receive your notification letter weeks before your husband or someone else in your household does. Either way, millions of Americans will be severely disadvantaged in their fight to protect their own identities.
With ten months of lead time and a jack pot of personal information that includes Social Security numbers, addresses, and other personal information, hackers could have done a tremendous amount of damage to the credit of so many Americans. A snail mail letter is little solace.
The Washington Post reports:
[Beth Cobert, acting director of the Office of Personnel Management (OPM),] acknowledged the toll the cybertheft has taken on the workforce.
“There is no doubt that we need to rebuild the employees’ trust in OPM, in OPM’s systems, in the federal government’s ability to protect sensitive data,” she said in an interview. “That is absolutely a critical priority for us.”
“I understand that many of you are frustrated and concerned, and would like to receive this information soon,” Cobert’s e-mail said. “My personal data was also stolen in this breach, and I am eager to get my notification letter as soon as possible so that I can sign up for these services. However, given the sensitive nature of the database that was breached – and the sheer volume of people affected – we are all going to have to be patient throughout this notification process.”
If waiting for nearly a year until she gets her letter in the mail while hackers use her personal information is fine with OPM chief Beth Cobert that’s her business. However, I’m sure many vulnerable Americans would like to be more proactive. Millions of them are entirely clueless about how much the data breach may have affected them.
The difference between this breach and those we’ve seen in the private sector with retailers such as Target, is that scammers haven’t accessed nearly as much sensitive information on individuals as they have from OPM. A Social Security number, name, address, and familial relationships is more than enough to duplicate identities, submit tax filings, and more. It should give us great pause as we consider just how much the government has on each of us and how little care they’ve taken to protect that data until now. OPM was warned about the vulnerabilities in their systems. This likely could’ve been avoided we’ve learned from government watchdog groups.
I guess everyone will have to wait until their snail mail arrives to alert them of the data breach. By the way, how many people still check snail mail?