The biggest public data breach where hackers attacked the federal government's  HR office nabbed the personal and financial information of more than 20 million Americans, including past and current employees, contractors and family members. Now, we're learning even reporters covering the federal government's activity are victims too.

The federal government is notifying journalists with credentials to cover federal agencies that their Social Security numbers, addresses, and other personal data may have been stolen. That's thousands of reporters, photographers, and cameramen from across the country. All of that exclusive access comes at a heavy price and unfortunately, it's their identity.

As we reported, OPM sent out the final batch of letters to victims informing them of the data breach and their possible stolen information. OPM is offering credit monitoring services, but you have to call up their hotline or visit a website that had not yet been fully operational. 

Meanwhile, scammers are having field day with private information, which is enough to open credit accounts, apply for loans, submit fraudulent tax returns, and other illegal activity. As a victim of fraud, you are left to live in fear or untangle yourself from the financial mess that irresponsible government agencies created by not protecting your private information adequately.

The Washington Post reports:

Reporters who write about the Defense Department, the White House and the CIA for The Washington Post confirmed that they have received letters in recent weeks, telling them their personal information may have been stolen and urging them to sign up for free credit monitoring and identity-theft protection.

Journalists, contractors without access to sensitive material, and even volunteers who go in and out of federal buildings also are thoroughly vetted, albeit through a less rigorous process, as long as they want credentials for regular access to a facility for a period of at least six months.

The vetting of journalists, in other words, is similar to what’s done for much of the federal workforce. They’re not high-level background investigations like a CIA officer, diplomat or someone handling nuclear materials would go through, but the government still wants to know if the person has a criminal history, if they are who they say they are and whether their work history checks out. A fingerprint check usually is involved, and the person submits a Social Security number, date of birth, address and a few other details of their identity.

OPM has every right to vet journalists and any person seeking regular admission to federal buildings, where they'll interact with those who need special protection (from President Obama on down). However, OPM has demonstrated negligence of the sensitive personal information under their care. Federal agencies, such as the IRS, have also been slow to catch up. 

Here's a simple rule: if you're asking for my information, you should first show me that you'll protect it. Just as private sector employers take care not to share the personal information of employees and applicants and institute stringent document retention policies, public agencies should as well.

State and local government agencies shouldn't wag their fingers or sit by idly either. The OPM breach is an opportune teaching moment for all that no one is immune from online attacks. Instead of apologizing after the fact, good stewardship of the public trust demands being proactively vigilant.