OPM Hack Victims Must Re-Enroll Starting December 1 to Keep Monitoring Services

Posted: 12:37 am ET
[twitter-follow screen_name=’Diplopundit’ ]

 

Some former and current federal employees whose personal data was compromised in the OPM data breach will have to re-enroll starting December 1 to continue receiving monitoring protection from a USG contractor. OPM doesn’t say what will happen to the data, feds and former feds have already submitted to CSID, but folks who have enrolled in that service will no longer have access to their CSID account when that contract expires on December 1. The Government Executive is reporting that as many as 600,000 individuals impacted by the initial hack will need to re-enroll to continue monitoring services through ID Experts. How is it that CSID is not able to port data over to ID Experts? Below from OPM:

OPM is announcing a change to the credit monitoring and identity protection service provider that will affect a subset of individuals impacted by the personnel records cyber incident announced in the summer of 2015. Most impacted individuals will not experience any change to their current coverage, and do not need to take any action, but a subset of individuals will need to re-enroll to continue coverage.

OPM currently uses two different companies to provide credit monitoring and identity protection services free of charge to impacted individuals. Winvale/CSID covers the 4.2 million individuals impacted by the personnel records cyber incident and ID Experts (MyIDCare) covers the 21.5 million individuals impacted by the background investigations cyber incident. As of December 1, coverage under Winvale/CSID will expire.

Credit monitoring and identity protection services from Winvale/CSID expire on December 1, 2016. Once services with Winvale/CSID expire, you will no longer have access to information in your Winvale/CSID account. If you wish to review or print your credit reports or other monitoring information from your Winvale/CSID account, please log in to your account prior to December 1.

As of December 2, 2016 all individuals impacted by either incident will be eligible for coverage through ID Experts (MyIDCare).

According to OPM, individuals currently covered by ID Experts (MyIDCare) will not experience a change in their coverage or service at this time and do not need to take any action. More:

Starting December 1, individuals previously covered by Winvale/CSID will be offered services through IDExperts (MyIDCare). Impacted individuals will also still be automatically covered by identity restoration and identity theft insurance, but you will need to re-enroll with ID Experts (MyIDCare) if you would like to continue to receive monitoring services.

Most of the individuals covered by Winvale/CSID were also impacted by the background investigation records cyber incident. These individuals should already have received a letter from OPM inviting them to enroll in services with ID Experts (MyIDCare) and providing them with a 25-digit PIN code.

If you previously received a notification letter in connection with the background investigation records incident and wish to enroll with ID Experts (MyIDCare) now, you will need to use the 25-digit PIN code provided in this letter. Click here if you have your 25-digit PIN code and wish to enroll now.

If you believe you previously received a notification letter in connection with the background investigation records incident, but no longer have your original notice, you can visit the Verification Center to obtain a duplicate copy by U.S. Postal Service.

If you are in the subset of individuals who were not impacted by the background investigations incident, you will be receiving a new notification letter from OPM via the U.S. Postal service with a 25-digit PIN that you can use to enroll with ID Experts (MyIDCare). We expect to mail the majority of these notifications in November 2016.

Note that OPM makes clear that ID Experts cannot enroll victims without the 25-digit PIN code and cannot provide former/current employees with a PIN code over the phone.

Read more here: https://www.opm.gov/cybersecurity/ and https://www.opm.gov/cybersecurity/personnel-records/.

And while you’re reading how to re-enroll, you might want to read about grafted fingerprints and hackers’ long term intention, because why not?  If the data has not surfaced for sale, we have to wonder what was that hack about?

 

#

 

 

OPM Data Breach Victims Get New Verification Site Through DOD, ID Protection Services Through ID Experts

Posted: 1:23 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

 

OPM’s Cybersecurity Resource Center allows individuals impacted by the hack to sign up for protection services through ID Experts or verify if one is impacted by the data breach through DOD.

OPM says that while it is “not aware of any misuse of your information,” it is offering victims and dependent minor children who were under the age of 18 as of July 1, 2015, credit and identity monitoring, identity theft insurance, and identity restoration services for the next three years “through ID Experts, a company that specializes in identity theft protection.”

According to OPM, the identify thief insurance became effective on September 1, 2015 and the scope of the coverage includes all claims submitted on or prior to December 31, 2018. This insurance covers expenses incurred in restoring identity and is valid for amounts up to $1,000,000 with no deductible.

If you received a notification letter and PIN code from the Office of Personnel Management, OPM has determined that your Social Security Number and other personal information was stolen in a cyber intrusion involving background investigation records. You have to sign up for MyIDCare to access the protection if offers.

Screen Shot

OPM has published what its notification letters look like:

The Federal Government has also set up a verification center to assist individuals who have lost their PIN code or believe their data may be impacted but have not yet received notification letters. If you believe that you were impacted, but have not yet received your notification letter, OPM asks that you wait until mid-December before contacting the verification center. The Federal Government anticipates completing the mailing of notification letters by the end of the second week in December.

To verify by phone, call 866-408-4555 Toll Free; 503-520-4453 International; 503-597-7662 TTY or verify online here through DOD.

The https://opmverify.dmdc.osd.mil verification website offered through the Department of Defense says that its purpose is “To provide breach notification and facilitate the provision of breach mitigation services to individuals affected by the breach of information in the Office of Personnel Management (OPM) background investigation databases.”

DoD will also “use the data to respond to breach verification inquiries received from individuals using the link on OPM’s website that redirects individuals to a DoD website where they can enter their information to find out if they have been affected by this breach. These records may also be used for tracking, reporting, measuring, and improving the Department’s effectiveness in implementing this data breach notification.”

Screen Shot 2015-12-01

Click here for the Frequents Asked Questions. If you have already enrolled and have questions or concerns about your post-enrollment services, you may call OPM’s 800-750-3004.

 

Related posts:

#

OPM Spends $133 Million on Credit Monitoring, Still No Credit Freeze

Posted: 12:34 am PDT
[twitter-follow screen_name=’Diplopundit’ ]

 

On September 1, OPM announced the $133M contract for identity thief protection and credit monitoring services for the 21.5 million individuals affected by the massive OPM breach that includes security clearance data. Our go-to expert on this says that “perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.” Excerpt from Krebs on Security:

The only step that will reliably block identity thieves from accessing your credit file — and therefore applying for new loans, credit cards and otherwise ruining your good name — is freezing your credit file with the major credit bureaus. This freeze process — described in detail in the primer, How I Learned to Stop Worrying and Embrace the Security Freeze — can be done online or over the phone. Each bureau will give the consumer a unique personal identification number (PIN) that the consumer will need to provide in the event that he needs to apply for new credit in the future.

Here is part of the OPM announcement:

The U.S. Office of Personnel Management (OPM) and the U.S. Department of Defense (DoD) today announced the award of a $133,263,550 contract to Identity Theft Guard Solutions LLC, doing business as ID Experts, for identity theft protection services for 21.5 million individuals whose personal information was stolen in one of the largest cybercrimes ever carried out against the United States Government. These services will be provided at no cost to the victims whose sensitive information, including Social Security numbers, were compromised in the cyber incident involving background investigations.

“We remain fully committed to assisting the victims of these serious cybercrimes and to taking every step possible to prevent the theft of sensitive data in the future,” said Beth Cobert, Acting Director of the Office of Personnel Management. “Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization. And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”

ID Experts will provide all impacted individuals and their dependent minor children (under the age of 18 as of July 1, 2015) with credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for a period of three years. This task order was awarded under GSA’s Blanket Purchase Agreements (BPA) for Identity Monitoring, Data Breach Response and Protection Services which GSA awarded today.

The U.S. Government, through the Department of Defense, will notify those impacted beginning later this month and continue over the next several weeks. Notifications will be sent directly to impacted individuals.

 .

.

.

.

.

Heard that? Crickets.

#

%d bloggers like this: