OPM Announces Updates Regarding Data Breaches

United States Office of Personnel Management (OPM) logoNTEU has received updated information from the Office of Personnel Management (OPM) regarding the recent data breaches that have affected federal employees and retirees.

OPM has posted newly-updated information and materials, including new FAQs, on its web site at https://www.opm.gov/cybersecurity. Additionally, as of June 1, 2016, the $1 million cap for the identity theft liability insurance being provided by OPM has been raised to $5 million, owing to NTEU’s efforts on Capitol Hill urging higher levels of coverage. This increase in coverage levels has been extended automatically, and individuals do not need to take any action. In language enacted at the end of last year by Senator Barbara Mikulski (D-MD), Congress also required OPM to provide the credit monitoring and theft protection services for a period of ten years, rather than the originally-planned 18 months. OPM is continuing its work on implementing the time extension and plans to notify individuals about this issue later this year.

The second main update is regarding mailed notification letters to the individuals who were affected in the background investigations breach (as opposed to the separate personnel records breach). OPM has informed us that approximately 10% of the affected 21.5 million individuals in the background investigations breach did not ultimately receive a mailed notification letter last year, mainly due to outdated address information. OPM will begin to re-mail notification letters to this 10% starting today. As a reminder, the notices being mailed will list OPM in the return address (OPM Notifications), and the letter is signed by Acting OPM Director Beth F. Cobert. Templates of the letters being mailed are available on OPM’s web site at https://www.opm.gov/cybersecurity. Please note that OPM has relied on publicly-available address information, so letters may be mailed to a variety of addresses (may not correlate with the home address employees have provided to their employing agencies).

Binary codeThe DOD-run Verification Center that was set up last year for individuals who believe they may have been affected by the background investigation breach but never received a notification letter is still operational. Individuals can contact the Verification Center, either online or by a toll-free number, to find out whether or not they were affected by receiving a mailed confirmation letter in 2–4 weeks’ time. The Verification Center can be accessed online via OPM’s cybersecurity site at https://www.opm.gov/cybersecurity or by calling 1-866-408-4555 (Monday through Friday from 9 a.m. to 9 p.m. Eastern). The Verification Center will remain operational through the end of December 2018.

NTEU reminds us that no calls will be made to notify affected individuals, nor will anyone personally reach out and ask for any information during this process. Again, all available information regarding this incident and the response can be found on OPM’s web site at https://www.opm.gov/cybersecurity.

NTEU continues to maintain that the coverage periods for the credit monitoring and theft protection services being provided by the U.S. Government are not adequate. NTEU strongly supports Senator Cardin’s (D-MD) and Representative Eleanor Holmes Norton’s (D-DC) RECOVER Act that would provide compromised individuals with lifetime credit monitoring and identity theft protection (H.R. 3029 in the House; S.1746 in the Senate). Please visit www.nteu.org to see how you can help on this important issue.

NTEU also continues its efforts on the lawsuit filed to provide lifetime credit monitoring and identity theft protection for NTEU members and to ensure that the U.S. Government does not allow such a severe breach of personal information to happen again.