Notoriously Disgraceful Conduct: Is it only the little people who are taken to task?

Posted: 12:48 am EDT
Updated: 3:07 pm EDT

 

In March 2012, AFSA’s General Counsel Sharon Papp reported about a State Department proposal related to the “state of affairs” in the Foreign Service … no, the other kind of affairs:

In 2011, the State Department proposed disciplinary action against a handful of employees for off-duty conduct that it had not sought to regulate in the past (i.e., extramarital affairs between consenting adults). 

When we reviewed several sex-related grievance cases in 2012, we came to the conclusion that from the agency’s view, widespread notoriety is not required to demonstrate an adverse effect on the efficiency of the Service. Further, the potential for embarrassment and damage to U.S. interests seems as weighty as actual embarrassment and damage. See: Sex, Lies, and No Videotapes, Just Cases for the Grievance Board

We recently received the following in our mailbox (edited to remove the most identifying details):

The married DCM at the embassy of a major Middle East ally slept with a married ELO whose husband worked for him. He blamed his alcoholism. As “punishment,” he was assigned as DCM at a significant high risk/high threat post. Next up? One of the top jobs at an embassy located in a Western European country.  Where’s the accountability at State? Is it only the little people that are taken to task? 

Well, that is an excellent question given another allegation we’ve received about another front office occupant involved in domestic violence overseas (another story we hope to write another day).

Extra-marital affairs, of course, are not mentioned anywhere in the Foreign Affairs Manual, but below is what the regs say on sexual activity (pdf) and what constitutes “notoriously disgraceful conduct.” Both sections were last updated in 2012, and apply to Foreign Service employees at State and USAID:

3 FAM 4139.1 Sexual Activity
(CT:PER-673; 04-27-2012) (Uniform State/USAID) (Applies to Foreign Service Employees) 

The agencies recognize that, in our society, there are considerable differences of opinion in matters of sexual conduct, and that there are some matters which are of no concern to the U.S. Government. However, serious suitability concerns are raised by sexual activity by an individual which reasonably may be expected to hamper the effective fulfillment by the agencies of any of their duties and responsibilities, or which may impair the individual’s position performance by reason of, for example, the possibility of blackmail, coercion, or improper influence. The standards of conduct enumerated in 3 FAM 4138 are of particular relevance in determining whether the conduct in question threatens the mission of the employing agency or the individual’s effectiveness.

3 FAM 4139.14 Notoriously Disgraceful Conduct
(CT:PER-673; 04-27-2012) (Uniform State/USAID) (Applies to Foreign Service Employees) 

Notoriously disgraceful conduct is that conduct which, were it to become widely known, would embarrass, discredit, or subject to opprobrium the perpetrator, the Foreign Service, and the United States. Examples of such conduct include but are not limited to the frequenting of prostitutes, engaging in public or promiscuous sexual relations, spousal abuse, neglect or abuse of children, manufacturing or distributing pornography, entering into debts the employee could not pay, or making use of one’s position or immunity to profit or to provide favor to another (see also 5 CFR 2635) or to create the impression of gaining or giving improper favor. Disqualification of a candidate or discipline of an employee, including separation for cause, is warranted when the potential for opprobrium or contempt should the conduct become public knowledge could be reasonably expected to affect adversely the person’s ability to perform his or her own job or the agency’s ability to carry out its responsibilities. Evaluators must be careful to avoid letting personal disapproval of such conduct influence their decisions.

One might argue that an extra-marital affair between two consenting adults is a private matter.  And in most cases, it is; who wants to be the sex police?  But. If the allegations are true, can you really consider it private, particularly in a case that involves the second highest ranking public official at an embassy and an entry level officer (ELO) assigned under his command? Even if the DCM is not the ELO’s rating or reviewing officer —  how does this not affect the proper functioning of the mission? Can anyone exclude undue influence, potential favoritism or preferential treatment?  Which section chief would give a bad performance review to a junior officer who slept with the section chief’s own reviewing officer? Even if not widely known outside the Foreign Service, can anyone make a case that this is not disgraceful or notorious?  For real life consequences when a junior officer has a “special relationship” and “unrestricted access” to an embassy’s front office occupant, read the walking calamity illustrated in this case FSGBNo.2004-061 (pdf).

Look … if widespread notoriety is not required to demonstrate an adverse effect on the efficiency of the Service for the lower ranks, why should it be a requirement for the upper ranks?  It’s not? Well, how else can we explain a good number of senior officials who allegedly looked the other way?


Can’t you see I’m busy? Besides I did not/did not see anything!

 

We went and looked up the Foreign Service Grievance Board cases related to extra-marital affairs or to notoriously disgraceful conduct. Here are some quick summaries.

  • In 2011, the State Department handed down a 30-day suspension to a junior officer for “off-color and offensive emails about women he dated, which were widely disseminated” after his private email account was hacked.  State said this constituted “notoriously disgraceful conduct.” (pdf)
  • Another case in 2011 involves an FSO who was told by the State Department: “Given the nature of Foreign Service life, you are aware that you are on duty 24/7. These multiple extramarital affairs involving sexual relations with an estimated 13 women during two separate assignments overseas without your spouse’s knowledge show poor judgment for a Foreign Service Officer.” (pdf) (note: two separate assignments could mean 4-6 years; untenured tours at 2 years, tenured tours typically at 3 years).
  • A Diplomatic Security (DS) Special Agent was suspended for three days for Notoriously Disgraceful Conduct arising from a domestic violence incident with his spouse. (pdf)
  • A married FP-04 Information Management Specialist (IMS), received a 20-day suspension, subsequently reduced to 10 days, for improper personal conduct and failure to follow regulations. The employee served at a critical threat post, and admitted having an extramarital relationship with a local embassy employee as well as engaging in sexual relations with two “massage techs.” (pdf)
  • An untenured FP-04 Diplomatic Security (DS) agent was disciplined for poor judgment and improper personal conduct. The employee brought a  woman to his hotel room and engaged in sex with her. Although the employee voluntarily disclosed the incident and asserted that the woman was not a prostitute, the Department contends that the incident at a minimum gave the appearance of engaging in prostitution and as such violated 3 FAM 4139.14 or Notoriously Disgraceful Conduct. (pdf)
  • A married FS-02 Information Management Officer (IMO) with seventeen years in the Department, with numerous awards and no disciplinary record, was found in his personal vehicle that was parked in an isolated area, and in a dazed condition with injuries suggesting he had been assaulted. He stated that during the prior night he had picked up a woman unknown to him, shared wine with her while driving, pulled over to the side of the road and then had no recollection of what followed, presumably because she had introduced a substance into his drink. During the ensuing investigation, the employee revealed he had picked up four or five women on previous occasions over a four-month period and had sex with them without the knowledge of his wife.  As a result, the Department proposed a ten-day suspension based on the charges of Poor Judgment and Notoriously Disgraceful Conduct. (pdf)
  • An FP-04 Diplomatic Security (DS) agent was given a five-day suspension without pay on the charge of Improper Personal Conduct. The charge is based on an incident in a criterion country in which employee (an unmarried person) engaged in consensual sex with a local woman and gave her $60.00 after the sexual activity had concluded. There was no evidence that the woman was a prostitute and there were no witnesses to their encounter. The employee self-reported the incident immediately to his supervisors, who took no disciplinary action. Eighteen months later, the Department opened an investigation and eventually suspended the employee. The deciding official concluded that employee’s conduct had violated two regulations governing behavior subject to discipline: 3 FAM 4139.1 (Sexual Activity) and 3 FAM 4139.14 (Notoriously Disgraceful Conduct). (pdf)

So —

We have so far been unable to locate FSGB cases of “notoriously disgraceful conduct” involving senior Foreign Service officials; certainly nothing at the DCM or COM level. It could be that 1) our search function is broken; 2) the folks are so risk-averse and discreet that there are no cases involving a single one of them, or 3) potential such cases were swept under the rug and nothing makes it to the public records of the Foreign Service Grievance Board.

Which.Is.It? Will accept breadcrumbs …

#

OPM to Charge Agencies for Credit Monitoring Offered to Federal Employees

Posted: 2:32 am EDT

 

The latest update from “M” on the OPM breach dated July 15, notes that “The State Department never transferred personnel records to the OPM facility. However, if you had other U.S. Government service prior to joining State, you may have had records that were involved.” On the background information breach, it says that “State Department employees’ SF-85 and SF-86 forms (depending on the appointment) were in the OPM system and thus were impacted. However, other background investigation material was not.”

If you have additional questions email DG DIRECT [DGDIRECT@STATE.GOV] or OPM’s new email: cybersecurity@opm.gov

AFSA’s latest update to its membership is dated July 10 and available to read here.

Some developments on the fallout from the data breach:

 


#

 

We Meant Well, Afghanistan Edition: Ghost Students, Ghost Teachers, Ghost Schools, Ugh!

Posted: 1:16 am  PDT

 


Excerpt:

Over and over, the United States has touted education — for which it has spent more than $1 billion — as one of its premier successes in Afghanistan, a signature achievement that helped win over ordinary Afghans and dissuade a future generation of Taliban recruits. As the American mission faltered, U.S. officials repeatedly trumpeted impressive statistics — the number of schools built, girls enrolled, textbooks distributed, teachers trained, and dollars spent — to help justify the 13 years and more than 2,000 Americans killed since the United States invaded.

But a BuzzFeed News investigation — the first comprehensive journalistic reckoning, based on visits to schools across the country, internal U.S. and Afghan databases and documents, and more than 150 interviews — has found those claims to be massively exaggerated, riddled with ghost schools, teachers, and students that exist only on paper. The American effort to educate Afghanistan’s children was hollowed out by corruption and by short-term political and military goals that, time and again, took precedence over building a viable school system. And the U.S. government has known for years that it has been peddling hype.
[…]
USAID program reports obtained by BuzzFeed News indicate the agency knew as far back as 2006 that enrollment figures were inflated, but American officials continued to cite them to Congress and the American public.

As for schools it actually constructed, USAID claimed for years that it had built or refurbished more than 680, a figure Hillary Clinton cited to Congress in 2010 when she was secretary of state. By 2014, that number had dropped to “more than 605.” After months of pressing for an exact figure, the agency told BuzzFeed News the number was 563, a drop of at least 117 schools from what it had long claimed.

Last week, we were looking for clinics.

What’s next … ghost soldiers? Oops, that’s already an old story?

#

Burn Bag: Unclear on the concept?

Via Burn Bag:

During Ramadan our FSNs fast during the day. In an effort to build unity, our political section is holding its second offsite in 6 months for 7 Americans and 10 FSNs. They are paying a speaker over a thousand dollars to lecture on diversity in the workplace. Coffee breaks and a fancy lunch will be catered for the Americans. 

via Doctor Who Tumblr


#

FSNs – Foreign Service Nationals also known as Locally Employed Staff (LES).

#OPMBreach: Back to Paper SF-86s, No More Social Media at OPM, Scary Movie Chinese Edition

Posted: 2:15 pm EDT


 

OPM Hit By Class Action Lawsuit, and Those Phishing Scams You Feared Over #OPMHack Are Real (Corrected)

Posted: 7:16 pm  EDT

 

The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management, its director, Katherine Archuleta, its chief information officer, Donna Seymour and Keypoint Government Solutions, an OPM contractor.

A couple of weeks ago, we thought that the “recipe” from the OPM email notification sent to potentially affected employees via email might be copied by online scammers.


 

Today, the United States Computer Emergency Readiness Team (US-CERT), part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), issued an alert on phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID.

#

OPM Announces Temporary Suspension of the E-QIP System For Background Investigation

Posted: 12:19 am EDT

 

On June 29, OPM announced the temporary suspension of the online system used to submit background investigation forms. The system could be offline for 4-6 weeks. Below via opm.gov:

WASHINGTON, D.C. – The U.S. Office of Personnel Management today announced the temporary suspension of the E-QIP system, a web-based platform used to complete and submit background investigation forms.

Director Katherine Archuleta recently ordered a comprehensive review of the security of OPM’s IT systems. During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system. As a result, OPM has temporarily taken the E-QIP system offline for security enhancements. The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.

OPM expects e-QIP could be offline for four to six weeks while these security enhancements are implemented. OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so.  In the interim, OPM remains committed to working with its interagency partners on alternative approaches to address agencies’ requirements.

“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” said OPM Director Archuleta. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”

#

Meanwhile, on June 22, AFSA sent a letter to OPM Director Katherine Archuleta with the following requests:

[Screenshot of the requests in AFSA’s letter, via afsa.org]

 

On June 25, AFSA was one of the 27 federal-postal employee coalition groups that urged President Obama to “immediately appoint a task force of leading agency, defense/intelligence, and private-sector IT experts, with a short deadline, to assist in the ongoing investigation, apply more forceful measures to protect federal personnel IT systems, and assure adequate notice to the federal workforce and the American public.” (read letter here: AFSA Letter sent in conjunction with the Federal-Postal Coalition | June 25, 2015 | pdf)

#

“M” Writes Update to State Department Employees Regarding OPM Breach

Posted: 1:36 pm EDT

 

It took 18 days before I got my OPM notification on the PII breach. Nothing still on the reported background investigation breach. OPM says it will notify those individuals whose BI information may have been compromised “as soon as practicable.”  That might not happen until the end of July! The hub who previously worked for State and another agency has yet to get a single notification from OPM. We have gone ahead and put a fraud alert for everyone in the family. What’s next? At the rate this is going, will we soon need fraud alerts for the pets in our household? They have names and passports, and could be targeted for kidnapping, you guys!!

And yes, I’ve watched the multiple OPM hearings now, and no, I could not generate confidence for the OPM people handling this, no matter how hard I try. Click here for the timeline of the various breaches via nextgov.com, some never disclosed to the public.

Still waiting for the White House to do a Tina Fey:

[GIF: “you’re all fired,” via giphy.com]

On June 25, the Under Secretary for Management, Patrick Kennedy sent a message to State Department employees regarding the OPM breach. There’s nothing new on this latest State update that we have not seen or heard previously except the detail from the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov (pdf) on how to protect personal information from exploitation (a tad late for that, but anyways …) because Foreign Intelligence Services and/or cybercriminals could exploit the information and target you.

Wait, what did OPM say about families? “[W]e have no evidence to suggest that family members of employees were affected by the breach of personnel data.” 

Via the NCSC:

[Screenshot from the NCSC guidance]

no kidding!

[Screenshot from the NCSC guidance]

you don’t say!

Here is M’s message from June 25, 2015 to State employees. As far as we know, this is the first notification posted publicly online on this subject, which is  good as these incidents potentially affect not just current employees but prospective employees, former employees, retirees and family members.

Dear Colleagues,

I am writing to provide you an update on the recent cyber incidents at the U.S. Office of Personnel Management (OPM) which has just been received.

As we have recently shared, on June 4th, OPM announced an intrusion impacting personnel information of approximately four million current and former Federal employees. OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. Additional information is available on the company’s website, https://www.csid.com/opm/ and by calling toll-free 844-777-2743 (international callers: call collect 512-327-0705). More information can also be found on OPM’s website: www.opm.gov.

Notifications to individuals affected by this incident began on June 8th on a rolling basis through June 19th. However, it may take several days beyond June 19 for a notification to arrive by email or mail. If you have any questions about whether you were among those affected by the incident announced on June 4, you may call the toll free number above.

On June 12th, OPM announced a separate cyber intrusion affecting systems that contain information related to background investigations of current, former, and prospective Federal Government employees from across all branches of government, as well as other individuals for whom a Federal background investigation was conducted, including contractors. This incident remains under investigation by OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI). The investigators are working to determine the exact number and list of potentially affected individuals. We understand that many of you are concerned about this intrusion. As this is an ongoing investigation, please know that OPM is working to notify potentially affected individuals as soon as possible. The Department is working extensively with our interagency colleagues to determine the specific impact on State Department employees.

It is an important reminder that OPM discovered this incident as a result of the agency’s concerted and aggressive efforts to strengthen its cybersecurity capabilities and protect the security and integrity of the information entrusted to the agency. In addition, OPM continues to work with the Office of Management and Budget (OMB), the Department of Homeland Security, the FBI, and other elements of the Federal Government to enhance the security of its systems and to detect and thwart evolving and persistent cyber threats. As a result of the work by the interagency incident response team, we have confidence in the integrity of the OPM systems and continue to use them in the performance of OPM’s mission. OPM continues to process background investigations and carry out other functions on its networks.

Additionally, OMB has instructed Federal agencies to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks. We are working with OMB to ensure we are enforcing the latest standards and tools to protect the security and interests of the State Department workforce.

We will continue to update you as we learn more about the cyber incidents at OPM. OPM is the definitive source for information on the recent cyber incidents. Please visit OPM’s website for regular updates on both incidents and for answers to frequently asked questions: www.opm.gov/cybersecurity. We are also interested in your feedback and questions on the incident and our communications. You can reach out to us at DG DIRECT (DGDirect@state.gov) with these comments.

State Department employees who want to learn additional information about the measures they can take to ensure the safety of their personal information can find resources at the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov. The following are also some key reminders of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.

Steps for Monitoring Your Identity and Financial Information

  • Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  • Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
  • Review resources provided on the FTC identity theft website, www.Identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
  • You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.

Read in full here.

#

State Department to Get a Holodeck to Train U.S. Diplomats, Star Trek Replicator Not Included

Posted: 2:17 am  EDT

 

The Foreign Service Institute will soon have an  Immersive Virtual Environment to train our diplomats.  The solicitation calls it a “Holodeck Projection Solution” and it is an intended addition to the school’s Innovation Lab.

Really, something like this?

 

In early 2014, Wired reported that the Army Contracting Command issued a Sources Sought notice for companies interested in demonstrating “mature technologies” for military training.  The report noted that Northrop Grumman thinks its Virtual Immersive Portable Environment (VIPE) Holodeck just may be the answer.  The VIPE Holodeck 360 degree virtual training system provides users with a high-fidelity immersive environment with a variety of mission-centric applications, including simulation and training, mission rehearsal and data visualization. The VIPE Holodeck can support live, virtual and constructive simulation and training exercises including team training, cultural and language training and support for ground, air and remote platform training.

The U.S. Army required a white paper and demo from interested companies, with the requirement spelled out here.

The announcement said that the Army lacked the capability to rapidly assess, adapt and replicate the complex nature of the operational environment and applicable Joint, Interagency, International, Multinational (JIIM) enablers to conduct realistic training and develop adaptive Leaders at Home Station. Associated Areas of interest for NIE 15.1 Include:

Provide an Augmented Reality (AR) capability that can be utilized by individual Soldiers or Small units (Company & below) to integrate (simulated) Joint and other combined arms enablers (e.g., indirect/FA fires, aerial delivery of supplies, CAS) during live training events, (with the ability to support multi-echelon training at Home Station when required).

It looks like the U.S. Army was not only looking into its capability gaps; it also knew what that immersive virtual environment would be used for.

We can’t say the same for the State/FSI solicitation for a holodeck.

FSI will have an Immersive Virtual Environment to train our diplomats but the solicitation does not say what kind of immersive training it will be used for. It requires the vendor to “provide any necessary training” but does not identify what training content is required. Is this for an immersive congressional hearing environment? Language training? Death notification simulations for non-consular officers working as duty officers? Will our diplomats be doing intergalactic diplomatic negotiations on alien planets? The solicitation does not say. What’s next? A follow-up solicitation for vendors to write virtual environment simulations for diplomats? A solicitation for the script for those simulations?

Here’s a clip from The Void, a company that says “you will walk into new dimensions and experience worlds without limits. From fighting intergalactic wars on alien planets, to casting spells in the darkest of dungeons, THE VOID presents the future of entertainment. Only limited by imagination, our advanced Virtual-Reality technologies allow you to see, move, and feel our digital worlds in a completely immersive and realistic way.”

Folks, please let us know when the FSI cafeteria gets a replicator.

 

Via fedbiz:

The Foreign Service Institute (FSI) is the Federal Government’s primary training institution for officers and support personnel of the U.S. foreign affairs community, preparing American diplomats and other professionals to advance U.S. foreign affairs interests overseas and in Washington. At the George P. Shultz National Foreign Affairs Training Center (NFATC), the FSI provides more than 450 courses, including some 70 foreign languages, to more than 50,000 enrollees a year from the State Department and more than 40 other government agencies and the military service branches.

The NFATC is seeking to have an Immersive Virtual Environment display capability added to its Innovation Lab classroom.

Holodeck Projection Solution

FSI has a space that has three walls arranged in a U-shape with 90° angles between each wall. Each wall is approximately 15ft long by 8ft in height. The vendor will provide a solution to project images on three walls (surfaces) in order to produce an immersive space for training.

The solution must include the following:

• A source computer capable of processing, rendering, and outputting high-end digital video and graphics.

• The source computer must have the ability to have a WiFi network connection, run on latest version of its operating system, and be capable of outputting four (4) video feeds each 1920×1080 or greater; three for the walls/surfaces and one for local monitoring.

• Video processing must…

* Accommodate to the angles in the U shape layout and adjust for the perspective change (i.e. a “wrapped” image). The system must display images from the perspective of a viewer standing in the center of the U as they look around them.

* Be able to show content independently and in a variety of combinations. (i.e. a separate image on each surface simultaneously; two images split between the three surfaces; and other combinations.)

• An audio solution for the immersive space driven from the controlling PC.

• The walls painted or finished with a suitable projection surface.

• Projectors placed so as to minimize shadows from people standing in the immersive environment.

• Projectors with a native resolution of 1920×1080 or greater and a contrast ratio of 2000 to 1 or greater.

This requirement will include all necessary projection equipment, mounts, PC, installation, cabling, wall plates, video processing and wall surface paint/material for a turnkey room.

• Vendor will document all cabling & design and present to FSI in an editable electronic & printed format when the work is completed.

• Vendor will document all equipment serial information and present to FSI in an electronic format (MS Excel or equivalent) when work is completed.

•  Vendor shall provide any necessary training.

Paging Starfleet, is this all you need for a holodeck?

#

 

ALL Foreign Affairs Agencies Affected By #OPMHack: DOS, USAID, FCS, FAS, BBG and APHIS

Posted: 6:15  pm  PDT

 

AFSA has now issued a notice to its membership on the OPM data breach. Below is an excerpt:

On Thursday June 4, the Office of Personnel Management (OPM) became aware of a cybersecurity incident affecting its systems and data. AFSA subsequently learned that the Personally Identifiable Information (PII) of many current and former federal employees at the foreign affairs agencies have been exposed as a result of this breach.

The most current information provided to AFSA indicates the following: Most current, former and prospective federal employees at ALL foreign affairs agencies have been affected by this breach. That includes the State Department, USAID, FCS, FAS, BBG and APHIS. OPM discovered a new breach late last week which indicates that any current, former or prospective employee for whom a background investigation has been conducted is affected.

In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. All the foreign affairs agencies suggest that those affected should contact the firm listed below. Members of the Foreign Commercial Service may additionally contact Commerce’s Office of Information Security at informationsecurity@doc.gov.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks.  To protect yourself, we encourage you to check the following:

  1. Make sure the sender email address is “opmcio@csid.com”.
  2. The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.
  3. The email subject should be exactly “Important Message from the U.S. Office of Personnel Management CIO”.
  4. Do not click on the included link. Instead, record the provided PIN code, open a web browser, manually type the URL http://www.csid.com/opm into the address bar and press enter. You can then use the provided instructions to enroll using CSID’s Web portal.
  5. The email should not contain any attachments. If it does, do not open them.
  6. The email should not contain any requests for additional personal information.
  7. The official email should look like the sample screenshot below.
image via afsa.org


Additional information has been made available on the company’s website, www.csid.com/opm, and by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705).

Agency-Specific Points of Contact:

If you have additional questions, contact AFSA’s constituency vice presidents and representatives:

Read the full announcement here.
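The header checks in the AFSA list above (items 1, 2, 3 and 5, plus a link-host check in the spirit of item 4) can be run mechanically over a saved message. This is an added example, not part of the AFSA notice or the original post; the work address, the lookalike domains and the set of allowed link hosts are constructed assumptions. Items 6 and 7 still need a human reader.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses
from urllib.parse import urlsplit

# Values taken from the AFSA checklist quoted above.
EXPECTED_SENDER = "opmcio@csid.com"
EXPECTED_SUBJECT = "Important Message from the U.S. Office of Personnel Management CIO"
# Assumption: only the enrollment site named in the notice is an expected link host.
EXPECTED_LINK_HOSTS = {"www.csid.com", "csid.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def addresses(msg, *headers):
    """Lower-cased addresses from the given headers, ignoring display names."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return [addr.lower() for _name, addr in getaddresses(values) if addr]


def check_notification(raw, work_address):
    """Return the names of the checklist items a raw message fails.

    An empty list means the message is consistent with the checklist. It does
    not prove authenticity: the From header can be forged, so item 4 (type the
    URL yourself instead of clicking) applies even when every check passes.
    """
    msg = message_from_string(raw, policy=policy.default)
    failed = []

    # Item 1: compare the address itself, never the display name.
    if addresses(msg, "From") != [EXPECTED_SENDER]:
        failed.append("sender")
    # Item 2: the work address must be the only recipient across To/Cc/Bcc.
    if addresses(msg, "To", "Cc", "Bcc") != [work_address.lower()]:
        failed.append("recipients")
    # Item 3: the subject must match exactly, not merely contain the phrase.
    if str(msg.get("Subject", "")) != EXPECTED_SUBJECT:
        failed.append("subject")
    # Item 5: any attachment at all is a failure.
    if any(True for _ in msg.iter_attachments()):
        failed.append("attachment")

    # Item 4 (supporting check): compare each link's full host name, because a
    # substring test would accept "csid.com.<something-else>".
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hosts = {urlsplit(url).hostname for url in URL_RE.findall(text)}
    if hosts - EXPECTED_LINK_HOSTS:
        failed.append("link")
    return failed


def sample_message(sender, to, subject, body, cc=None, attachment=False):
    """Build a constructed test message and return it as raw message text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    if cc:
        m["Cc"] = cc
    m.set_content(body)
    if attachment:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="enrollment.pdf")
    return m.as_string()


WORK_ADDRESS = "jane.doe@agency.example"  # constructed

# Constructed message that matches the checklist.
GENUINE = sample_message(
    EXPECTED_SENDER, WORK_ADDRESS, EXPECTED_SUBJECT,
    "Your PIN is 0000. Enroll at http://www.csid.com/opm\n")

# Constructed message that fails every automated check: the expected address
# appears only as a display name, a second recipient is copied, the subject has
# a prefix, a file is attached and the link host merely starts with csid.com.
SPOOFED = sample_message(
    '"opmcio@csid.com" <notice@csid-enroll.example>', WORK_ADDRESS,
    "Urgent: " + EXPECTED_SUBJECT,
    "Enroll at http://csid.com.enroll.example/opm\n",
    cc="colleague@agency.example", attachment=True)

if __name__ == "__main__":
    print("genuine:", check_notification(GENUINE, WORK_ADDRESS))
    print("spoofed:", check_notification(SPOOFED, WORK_ADDRESS))
```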

Amidst this never ending round of data breaches, go ahead and read Brian Krebs’ How I Learned to Stop Worrying and Embrace the Security Freeze. The USG is not offering to pay the cost of a credit freeze but it might be worth considering.

Of course, the security freeze does not solve the problem if the intent here goes beyond stealing USG employees’ identities. If the hackers were after the sensitive information contained in the background investigations, for use at any time in the future, not sure that a credit freeze, credit monitoring and/or ID theft protection can do anything to protect our federal employees.

Security clearance investigations, by their very nature, expose people’s darkest secrets — the things a foreign government might use to blackmail or compromise them such as drug and alcohol abuse, legal and financial troubles and romantic entanglements. (via)

I understand why the USG has to show that it is doing something to address the breach but — if a foreign government, as suspected, now has those SF-86s, how can people protect themselves from being compromised? If this is not about compromising credit, or identities of USG employees but about secrets, credit monitoring and/or ID theft protection for $20 Million will be an expensive but useless response, wouldn’t it?

#