Burn Bag: Family Members Not Affected by #OPMHack? Here’s the Missing GIF From OPM’s Website

Via Burn Bag:

OPM, in the FAQ section of the CSID website, declares that our family members were “not affected by this breach. The only data potentially exposed as a result of this incident is your personal data.”  Thus, our family members cannot use the credit monitoring and identity theft protection services.  But wait.  My spouse’s name, date of birth, place of birth, passport number, and social security number were listed in my SF-86.  And my SF-86 has been compromised.  So hasn’t my spouse been “affected” by this breach, too?

So far no one has been fired, no one has accepted responsibility for the breach, and the OPM notification letter says, “Nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose.”

via reactiongifs.com

via reactiongifs.com

Related items:


2 responses

  1. The principal thing we have to understand is that OPM is not even asking the right questions yet. Credit monitoring is fine, but it does not really solve the problem of compromised personal data. OPM should be focusing on bolting the barn door, just in case a few of the horses haven’t gone, and notifying people if their information has been compromised. Those who have been compromised should consider putting a freeze on their credit, or, at a minimum, a 90-day fraud alert, in addition to changing and upgrading their passwords. Diplopundit recently published a very helpful link on actions folks should consider. Here it is: http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

  2. I don’t get the statement that family members are not affected. My spouse is a foreign citizen. I had to provide all sorts of data for him from passport number and details, visa number and details, bank account numbers, and all POB, DOB etc data. Often non citizen family members are very much affected. This came up in the context of the STOCK Act initial requirement (eventually dropped) for posting the financial disclosures on a central Government Ethics website, thereby doing a lot of collection work for our adversaries once again.

    This stream of compromises that affect real individuals from Wikileaks on suggest that perhaps the USG should not collect or store certain sensitive personal data electronically, at least not in such a way that it is vulnerable. Rein in the collection and amount and type of data, revert to paper for some of it, store it in a way that is disconnect from the internet and phone lines… (I am getting out of my depth here).

    The more I think about it, the more serious I think this is. And yet another indication that Congress is part and parcel of putting the federal government in the hands of persons not equipped for the job and not doing the right job, and refuses to pony up the funding needed to do the job right.