Author Topic: For Federal Employees re: Data Breach  (Read 10252 times)

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 762
    • My Student Loan Refi Story
For Federal Employees re: Data Breach
« on: July 09, 2015, 11:33:28 AM »
There is a petition circulating to get you free credit monitoring for life.  From what I understand, you are currently only getting 18 months of monitoring free.  This breach is worse than other financial breaches because it includes background info like mother's maiden name and siblings' names.  If you are interested, here is the link - https://petitions.whitehouse.gov/petition/provide-lifetime-identity-protection-federal-employees-who-were-victimized-breach-opm.


enigmaT120

  • Bristles
  • ***
  • Posts: 389
  • Location: Falls City, OR
Re: For Federal Employees re: Data Breach
« Reply #1 on: July 09, 2015, 02:13:04 PM »
Won't my mother's maiden name expire before my 18 months of protection (insurance, really, not protection) are up?

I should just follow one of the suggestions that block the credit agencies from issuing credit to me without double checking.  I can't remember how to do that.  I already have way more available credit than I need.


enigmaT120

  • Bristles
  • ***
  • Posts: 389
  • Location: Falls City, OR
Re: For Federal Employees re: Data Breach
« Reply #2 on: July 09, 2015, 02:14:10 PM »
But I just realized, the data breach gives me an excuse if I post something stupid on line!  I can say somebody else stole my identity.


forummm

  • Walrus Stache
  • *******
  • Posts: 7374
  • Senior Mustachian
Re: For Federal Employees re: Data Breach
« Reply #3 on: July 09, 2015, 02:31:19 PM »
Holy cow, 21.5 million people's info was stolen!

http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html

Quote
The Office of Personnel Management revealed on Thursday that “sensitive information” of 21.5 million individuals was obtained last year by hackers who intruded into the federal personnel agency’s computer networks.

The agency said the incident was separate from, but related to, a previous breach that compromised the personnel data of 4.2 million federal employees.

The breach announced on Thursday included 19.7 million individuals who had applied for background investigations and 1.8 million others who were mostly their spouses or cohabitants.

The agency said in a statement that a forensic investigation had concluded “with high confidence” that the individuals’ information, including Social Security numbers, was stolen from background investigation databases. Some of the records included material from interviews conducted by background checkers, and about 1.1 million of them included fingerprints.

We have to do something about identity theft for the whole country. It's stupid that a few pieces of information could let you take someone's identity and possibly their life savings, etc. In an age where information is widely available, that's no longer a low-risk activity.

trailrated

  • Handlebar Stache
  • *****
  • Posts: 1136
  • Age: 36
  • Location: Bay Area Ca
  • a smooth sea never made a skilled sailor
Re: For Federal Employees re: Data Breach
« Reply #4 on: July 09, 2015, 02:44:20 PM »
There is a petition circulating to get you free credit monitoring for life.  From what I understand, you are currently only getting 18 months of monitoring free.  This breach is worse than other financial breaches because it includes background info like mother's maiden name and siblings' names.  If you are interested, here is the link - https://petitions.whitehouse.gov/petition/provide-lifetime-identity-protection-federal-employees-who-were-victimized-breach-opm.

Thought this article was fitting... just came out that it is even worse than they thought before, 21.5 million records compromised in a second breach just announced.

http://www.nationaljournal.com/tech/hack-opm-office-personnel-management-cyber-million-20150709

trailrated

  • Handlebar Stache
  • *****
  • Posts: 1136
  • Age: 36
  • Location: Bay Area Ca
  • a smooth sea never made a skilled sailor
Re: For Federal Employees re: Data Breach
« Reply #5 on: July 09, 2015, 02:45:09 PM »
Holy cow, 21.5 million people's info was stolen!

http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html

Quote
The Office of Personnel Management revealed on Thursday that “sensitive information” of 21.5 million individuals was obtained last year by hackers who intruded into the federal personnel agency’s computer networks.

The agency said the incident was separate from, but related to, a previous breach that compromised the personnel data of 4.2 million federal employees.

The breach announced on Thursday included 19.7 million individuals who had applied for background investigations and 1.8 million others who were mostly their spouses or cohabitants.

The agency said in a statement that a forensic investigation had concluded “with high confidence” that the individuals’ information, including Social Security numbers, was stolen from background investigation databases. Some of the records included material from interviews conducted by background checkers, and about 1.1 million of them included fingerprints.

We have to do something about identity theft for the whole country. It's stupid that a few pieces of information could let you take someone's identity and possibly their life savings, etc. In an age where information is widely available, that's no longer a low-risk activity.

Damn I should have read this before I posted

snogirl

  • Bristles
  • ***
  • Posts: 364
Re: For Federal Employees re: Data Breach
« Reply #6 on: July 09, 2015, 02:58:54 PM »
Thanks for the heads up!

Digital Dogma

  • Bristles
  • ***
  • Posts: 423
Re: For Federal Employees re: Data Breach
« Reply #7 on: July 09, 2015, 03:02:03 PM »
Does anyone know if this also has an impact on people who have gone through security clearances as sub contractors? Im suspecting anyone who has been cleared is exposed but I hope not.

fattest_foot

  • Pencil Stache
  • ****
  • Posts: 856
Re: For Federal Employees re: Data Breach
« Reply #8 on: July 09, 2015, 03:03:59 PM »
I suggest reading this article, and then realizing that it doesn't matter.

https://medium.com/message/everything-is-broken-81e5f33a24e1

Your personal information will never be safe. Give up the illusion of "security" or "anonymity" and situations like this will bother you a lot less.

Personally, I've been involved with the DoD (either on active duty or as a civilian) since 2002, and I don't even remember how many times my PII has been compromised. It's just another one of those things that you can't do much of anything about.

Check your credit report every year like you would do in any normal scenario, and continue living life.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: For Federal Employees re: Data Breach
« Reply #9 on: July 09, 2015, 03:08:32 PM »
I suggest reading this article, and then realizing that it doesn't matter.

https://medium.com/message/everything-is-broken-81e5f33a24e1

Your personal information will never be safe. Give up the illusion of "security" or "anonymity" and situations like this will bother you a lot less.

Personally, I've been involved with the DoD (either on active duty or as a civilian) since 2002, and I don't even remember how many times my PII has been compromised. It's just another one of those things that you can't do much of anything about.

Check your credit report every year like you would do in any normal scenario, and continue living life.

I agree. We all have to adjust to the new "normal."

Your PII may have already been compromised by another company without your knowledge (the company may not be aware of it yet). With breaches like this becoming more and more common, you shouldn't operate under the assumption that your PII hasn't been compromised because no company that stores your data has informed you otherwise.

forummm

  • Walrus Stache
  • *******
  • Posts: 7374
  • Senior Mustachian
Re: For Federal Employees re: Data Breach
« Reply #10 on: July 09, 2015, 03:09:41 PM »
I suggest reading this article, and then realizing that it doesn't matter.

https://medium.com/message/everything-is-broken-81e5f33a24e1

Your personal information will never be safe. Give up the illusion of "security" or "anonymity" and situations like this will bother you a lot less.

Personally, I've been involved with the DoD (either on active duty or as a civilian) since 2002, and I don't even remember how many times my PII has been compromised. It's just another one of those things that you can't do much of anything about.

Check your credit report every year like you would do in any normal scenario, and continue living life.

No, this is more severe than just your SS#. If they have other info about you they could bypass your security questions, and take money from your accounts. This isn't just opening up credit in your name (although that is a risk as well). You should change your security question answers to be passwords (not the same password you use obviously) that no one could get from knowing everything about you.

sol

  • Walrus Stache
  • *******
  • Posts: 8433
  • Age: 47
  • Location: Pacific Northwest
Re: For Federal Employees re: Data Breach
« Reply #11 on: July 09, 2015, 03:15:59 PM »
My PII has been hacked at least four times in the past two years, that I know about so far, though the OPM breach of background documents was by far the worst.

Privacy is dead, deal with it.  We're all going to spend the rest of our lives monitoring and curating and stewarding our electronic identities.  You can't live online any other way.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: For Federal Employees re: Data Breach
« Reply #12 on: July 09, 2015, 03:20:20 PM »
Oh yea and the whole maiden name thing is really aggravating. My mother kept her maiden name. Some security question that is.

I suppose I could make up a maiden name, but my problem is that because I already have accounts where I used my mother's real maiden name, I'd have a hard time keeping track of what maiden name I gave on each account.

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 762
    • My Student Loan Refi Story
Re: For Federal Employees re: Data Breach
« Reply #13 on: July 09, 2015, 06:42:41 PM »
I already operate on the assumption my data is out there.  That's why I'm not afraid to use Mint.  I just check my accounts regularly and check my credit score regularly.  Without going into too much info for obvious reasons I'm just a bit more concerned about the intent behind the group that accessed this information.  There are certain people in government that already have to be concerned about their safety and work very hard to protect their address, their spouse's name, their kids names, etc. from the bad guys.  This is also why "they" have a gun but I digress.

The one part that does make me laugh is a good friend of mine almost lost her clearance because her mother refused to give certain info about a prior marriage saying it was none of the government's business.  She didn't care if her daughter lost her job over it.  My friend was so embarrassed because she thought her mom was making her look crazy.  Well, I guess mom was right - oh and my friend was able to still get her clearance.

Cathy

  • Handlebar Stache
  • *****
  • Posts: 1044
Re: For Federal Employees re: Data Breach
« Reply #14 on: July 09, 2015, 06:53:33 PM »
The risk with mint.com is unique and quite different from almost anything else you can do online. This unique risk arises from a combination of two factors:
  • Most (although not quite all) financial institutions take the position that they are not responsible for any losses due to data breach if you gave your online credentials to any third party. Your acceptance of this position is often alleged to be a condition of your use of their web services. I do know of one financial institution that does not take this position, but that's rare; almost all take this position.
  • Intuit takes the position that it is not responsible for any losses due to a breach of mint.com. It further says that your acceptance of that position is a condition of your use of mint.com and that by using mint.com you accede to that position.

The net effect of these two positions is that if both are valid and enforceable and mint.com is compromised and you lose all your money, you have no real remedy. Your only hope to recover the money is to sue the attacker behind the breach, but that's probably impossible for a variety of reasons (such as the person being unidentifiable, and even if they are later identified, they aren't likely to turn over the assets or even have them all).

Now, maybe you think those positions would not prevail in a court of law. The merits of the positions are outside the scope of this post. But it's certainly the case that mint.com presents a unique risk that is quite different from other online activities.

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 762
    • My Student Loan Refi Story
Re: For Federal Employees re: Data Breach
« Reply #15 on: July 09, 2015, 08:53:10 PM »
The risk with mint.com is unique and quite different from almost anything else you can do online. This unique risk arises from a combination of two factors:
  • Most (although not quite all) financial institutions take the position that they are not responsible for any losses due to data breach if you gave your online credentials to any third party. Your acceptance of this position is often alleged to be a condition of your use of their web services. I do know of one financial institution that does not take this position, but that's rare; almost all take this position.
  • Intuit takes the position that it is not responsible for any losses due to a breach of mint.com. It further says that your acceptance of that position is a condition of your use of mint.com and that by using mint.com you accede to that position.

The net effect of these two positions is that if both are valid and enforceable and mint.com is compromised and you lose all your money, you have no real remedy. Your only hope to recover the money is to sue the attacker behind the breach, but that's probably impossible for a variety of reasons (such as the person being unidentifiable, and even if they are later identified, they aren't likely to turn over the assets or even have them all).

Now, maybe you think those positions would not prevail in a court of law. The merits of the positions are outside the scope of this post. But it's certainly the case that mint.com presents a unique risk that is quite different from other online activities.

Not to get to off topic but my thought on the worst case scenario w/ Mint is a breach would likely impact such a large number of users that something would have to be done.  I don't know what that something would be but it's basically a "too big to fail" type scenario.  Would the gov't actually allow up to 10 Million people to lose their life savings? (number of registered users as of 2012).  If they were just hacking one person, the chance of it being me is about the same as me winning the lottery.

Lastly, the financial institution that holds the largest amount of my money provides read only credentials to use on Mint that is different from my regular log-in info.

forummm

  • Walrus Stache
  • *******
  • Posts: 7374
  • Senior Mustachian
Re: For Federal Employees re: Data Breach
« Reply #16 on: July 10, 2015, 06:29:14 AM »
Why take the risk? Is Mint so much better than an Excel spreadsheet?

snogirl

  • Bristles
  • ***
  • Posts: 364
Re: For Federal Employees re: Data Breach
« Reply #17 on: July 10, 2015, 07:06:07 AM »
I'm good as long as my retirement check keeps coming & my credit report is clear

dude

  • Handlebar Stache
  • *****
  • Posts: 2369
Re: For Federal Employees re: Data Breach
« Reply #18 on: July 10, 2015, 07:20:20 AM »
My PII has been hacked at least four times in the past two years, that I know about so far, though the OPM breach of background documents was by far the worst.

Privacy is dead, deal with it.  We're all going to spend the rest of our lives monitoring and curating and stewarding our electronic identities.  You can't live online any other way.

Yeah man, but if they manage to somehow get to your TSP and drain it, you're fooked.  I just had my 5-year background done a little over a year ago, so for sure my shit was compromised.  I don't dwell on it, but for sure it concerns me.  Can't bring myself to be as unconcerned about it as you, Sol!  Probably just my nature.

NorCal

  • Handlebar Stache
  • *****
  • Posts: 1464
Re: For Federal Employees re: Data Breach
« Reply #19 on: July 10, 2015, 07:53:07 AM »
On the bright side, if you ever apply to teach in China, they'll already have your information on file.

zhelud

  • Stubble
  • **
  • Posts: 243
Re: For Federal Employees re: Data Breach
« Reply #20 on: July 10, 2015, 09:02:26 AM »
I don't even worry about it anymore.  My agency already lost all of my data (including bank account number- now that's a pain to deal with!) a few years ago.
The funny thing is that all employees in my agency are required to take online "Personal identity information protection training" every year, even the vast majority of us who do not handle any PII in our jobs.  They really ought to think about putting the money that they spend on the training into better computer security!

forummm

  • Walrus Stache
  • *******
  • Posts: 7374
  • Senior Mustachian
Re: For Federal Employees re: Data Breach
« Reply #21 on: July 10, 2015, 10:39:27 AM »
So OPM lets people's info get stolen. Then their "What You Can Do" advice is--advice about how not to let your info get stolen! Strangely, "Don't work for the federal government or be a relative or former acquaintance of a current or former federal government employee" didn't make it onto the list.

https://www.opm.gov/cybersecurity/#WhatDoINeedToDo

hybrid

  • Handlebar Stache
  • *****
  • Posts: 1688
  • Age: 57
  • Location: Richmond, Virginia
  • A hybrid of MMM and thoughtful consumer.
Re: For Federal Employees re: Data Breach
« Reply #22 on: July 10, 2015, 02:18:26 PM »
In today's world I just live under the assumption that someone somewhere has info about me. So like others I check my accounts regularly and keep good passwords. My wife is a Federal employee, our insurance is Anthem, we've shopped at Target, do I need to go on?

Paul der Krake

  • Walrus Stache
  • *******
  • Posts: 5854
  • Age: 16
  • Location: UTC-10:00
Re: For Federal Employees re: Data Breach
« Reply #23 on: July 10, 2015, 02:56:30 PM »
The best thing to do is to monitor regularly your affairs and nip attempts in the bud early. Free tools like creditkarma.com make it dead easy, and it takes less than 5 minutes per month to keep an eye on things.

The good news is that now that this is a much bigger problem, banks and financial institutions have streamlined procedures in place to cancel accounts and undo the damage IF (and that's a big if) it gets reported early. The horror stories you hear about people who've had their identities stolen are usually folks who didn't keep tabs on their credit reports for a decade and were surprised to find accounts that someone opened for them in collections.


Sayonara925

  • Stubble
  • **
  • Posts: 131
  • Location: Point B
Re: For Federal Employees re: Data Breach
« Reply #24 on: July 10, 2015, 03:40:15 PM »
Geez Louise...

What data is included in a background investigation?

Types of information involved in the background investigation records incident that may have been impacted:
        Social Security Numbers
        Residency and educational history
        Employment history
        Information about immediate family and personal and business acquaintances
        Health, criminal and financial history that would have been provided as part of your background investigation

Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

In general, background investigation forms collect personal information for people occupying positions with the Federal government, including SSNs to:
        Check criminal histories;
        Validate background investigation applicants' educations;
        Validate employment histories;
        Validate background investigation applicants' living addresses; and
        Gain insight into the character and conduct of background investigation applicants, through checks of references.

In addition, some people occupying public trust or national security provide additional types of information that may include:
        Personal information of a spouse or a cohabitant (including SSNs);
        Personal information of parents, siblings, other relatives, and close friends (but does not include SSNs);
        Foreign Countries visited and individuals the applicant may know in those countries;
        Current or previous treatment for mental health issues; and/or
        Use of illegal drugs.

For public trust and national security investigations, other information may be collected related to parents, siblings, other relatives, close friends, and previous places a background investigation applicant may have lived, worked, or attended school. This information is used to interview employers, friends, and neighbors about the applicant, their conduct, and personal history, and to conduct local law enforcement checks at previous locations lived.

Have I been affected by the background investigation records incident?

Social Security Numbers (SSNs) of 21.5 million individuals were stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.

If you are one of the following, you may have been affected:
        Current or former Federal government employee
        Member of the Military, or Veteran
        Current or former Federal contractor
        Job candidate required to complete a background investigation before your start date
        Spouse, co-habitant, minor child, close contact of any of the above groups


Sayonara925

  • Stubble
  • **
  • Posts: 131
  • Location: Point B
Re: For Federal Employees re: Data Breach
« Reply #25 on: July 10, 2015, 03:46:46 PM »
There is a petition circulating to get you free credit monitoring for life.  From what I understand, you are currently only getting 18 months of monitoring free.  This breach is worse than other financial breaches because it includes background info like mother's maiden name and siblings' names.  If you are interested, here is the link - https://petitions.whitehouse.gov/petition/provide-lifetime-identity-protection-federal-employees-who-were-victimized-breach-opm.

At this point the petition needs over 90,000 more signatures (less than 10,000 signatures vs over 21 million individuals affected, plus their relatives and acquaintances).  Not sure what happens if it comes up short by July 19th deadline.  Start over?



forummm

  • Walrus Stache
  • *******
  • Posts: 7374
  • Senior Mustachian
Re: For Federal Employees re: Data Breach
« Reply #26 on: July 10, 2015, 04:29:22 PM »
There is a petition circulating to get you free credit monitoring for life.  From what I understand, you are currently only getting 18 months of monitoring free.  This breach is worse than other financial breaches because it includes background info like mother's maiden name and siblings' names.  If you are interested, here is the link - https://petitions.whitehouse.gov/petition/provide-lifetime-identity-protection-federal-employees-who-were-victimized-breach-opm.

At this point the petition needs over 90,000 more signatures (less than 10,000 signatures vs over 21 million individuals affected, plus their relatives and acquaintances).  Not sure what happens if it comes up short by July 19th deadline.  Start over?

Maybe the 21+ million people don't know about the petition. If only there was some way to get all their personal information to send it to them....

Left

  • Handlebar Stache
  • *****
  • Posts: 1157
Re: For Federal Employees re: Data Breach
« Reply #27 on: July 10, 2015, 04:32:12 PM »
I'm not too worried about it myself (I'm one of those 21 million), for some reason I can't see someone hacking OPM just to steal my identity...

hacking the DMV or Visa for social security would be a lot easier :S

that said, if I did feel like I needed to, I might just go ahead and freeze my credit

Insanity

  • Handlebar Stache
  • *****
  • Posts: 1021
Re: For Federal Employees re: Data Breach
« Reply #28 on: July 11, 2015, 05:48:53 AM »
If people think this was done for Identity Theft, you are missing the bigger picture.  This type of attack is done to identify leverage points and people who can be threatened to get information.

Rural

  • Walrus Stache
  • *******
  • Posts: 5051
Re: For Federal Employees re: Data Breach
« Reply #29 on: July 11, 2015, 07:31:09 AM »
If people think this was done for Identity Theft, you are missing the bigger picture.  This type of attack is done to identify leverage points and people who can be threatened to get information.


Yep, but identity theft could make a profitable bonus.


I imagine my husband's may be among those clearances compromised. Depends how far back they go, though. Our credit's already frozen because Anthem.

PawPrint3520

  • 5 O'Clock Shadow
  • *
  • Posts: 23
Re: For Federal Employees re: Data Breach
« Reply #30 on: July 11, 2015, 11:24:16 AM »
Re how long, I haven't worked for the Feds for over 20 years and I received the letter from OPM.

Dr. Pepper

  • Stubble
  • **
  • Posts: 139
Re: For Federal Employees re: Data Breach
« Reply #31 on: July 11, 2015, 01:28:28 PM »
I'm a federal employee, not worried about the data breach, I froze my credit years ago. The reason I froze it was because I work in military health care and I realized anyone from the E1 who is taking the vitals to the doctors have access to all of my info through ALTHA, SSN, DOB, Address, etc. It would be easy for someone with malicious intent and access to the system to take lots of identities. It's fairly easy to do, you go to each of the three credit reporting companies, 1. Transunion, 2. Equifax 3. Experian and request to freeze your credit, it's different for each state, and different fees. But essentially what happens is when your credit is frozen, you nor anyone else can open new lines of credit with your info. Existing lines of credit are not effected when you freeze it. As an additional bonus it drastically cuts down on the number of credit card offers that come in the mail. If you want to unfreeze it to buy a car for example, you just go to the credit companies, and can unfreeze for a length of time, say 30 day window, apply for the new credit, and then it freezes automatically again. It's a much better system then the credit protection companies, and much cheaper.

Bearded Man

  • Handlebar Stache
  • *****
  • Posts: 1137
Re: For Federal Employees re: Data Breach
« Reply #32 on: July 11, 2015, 03:48:23 PM »
I'm a federal employee, not worried about the data breach, I froze my credit years ago. The reason I froze it was because I work in military health care and I realized anyone from the E1 who is taking the vitals to the doctors have access to all of my info through ALTHA, SSN, DOB, Address, etc. It would be easy for someone with malicious intent and access to the system to take lots of identities. It's fairly easy to do, you go to each of the three credit reporting companies, 1. Transunion, 2. Equifax 3. Experian and request to freeze your credit, it's different for each state, and different fees. But essentially what happens is when your credit is frozen, you nor anyone else can open new lines of credit with your info. Existing lines of credit are not effected when you freeze it. As an additional bonus it drastically cuts down on the number of credit card offers that come in the mail. If you want to unfreeze it to buy a car for example, you just go to the credit companies, and can unfreeze for a length of time, say 30 day window, apply for the new credit, and then it freezes automatically again. It's a much better system then the credit protection companies, and much cheaper.

Does it freeze and unfreeze in a matter of hours, minutes, days? This sounds like a good idea.

protostache

  • Pencil Stache
  • ****
  • Posts: 903
Re: For Federal Employees re: Data Breach
« Reply #33 on: July 13, 2015, 05:34:08 AM »
Does it freeze and unfreeze in a matter of hours, minutes, days? This sounds like a good idea.

In my experience it was immediate for two of them and a month for the other because I lost the unlock PIN and had to get it reset, which involved a bunch of registered mail flying back and forth (protip: never lose those unlock PINs!).

Anyone can freeze their own credit reports, and if you have minor children with SSNs you can freeze theirs as well until they're old enough to need to use credit.