Thread: OPM Data Breach

Originally Posted by kave

Well got my notification when I arrived to work this morning! Ok so I get the free monitoring for the next 18 months, these hackers know that too. It's the months 19 and beyond that I'm worried about!

Right, all they have to do is wait out the initial monitoring period.

I guess it's better than what we got after 911 - a flashlight, clear goggles, rubber gloves, a dust mask and a light stick wrapped around a trash bag(for us to crap in) tied up with a rubber band. I still have this in my desk drawer.

My guess is that server maintenance requests and personnel funding were denied so that travel could be approved for senior and middle managers to have a whoopdidoo somewhere and call it improving government.

FS

"Identity Risk Factors how many do you have?" (Ad at top of page! lol.) They can add 'Do you work for the Federal Government? Then YOU may be at risk, BUY NOW!'
I'm NOT lovin it Uncle Sam! ;swear

A couple interesting developments.


The link in Ms. Seymour's e-mail from her new address at CSID.com is blocked at work. I didn't have time to look in to it further as real work intruded. At what point does "real" work that I need to do real time become secondary to following up on the instructions of the Secretary, Assistant Secretary, senior management and their staff; and the OPM CIO?


This is starting to get real unreal. I would like to thank the cyber security staff for protecting us from trying to follow orders to protect ourselves since they can't protect us. Or something like that.


I followed the link given by Ms. Seymour in her new role as an apparent employee of CSID from home. I was underwhelmed. No confirmation e-mail to the address entered and when I "downloaded" the free credit report I actually could only review it on line.


I am sure Ms. Seymour is only doing what Ms. Archuleta told her to do. Looking at the OPM org chart you can't seem to find anyone in charge of cyber security.


Other interested entities have stated that the protection provided is not protection and we are on our own.


PO

Originally Posted by PessOptimist

Other interested entities have stated that the protection provided is not protection and we are on our own.
PO

Say what? Can you expound on who those "other interested entities" might be? official sources or unofficial sources with enough creds to warrant belief? just askin', I'm sure other inquiring minds would also be interested in that particular answer, PO. TIA

Two bargaining units and a few opinion articles I am too lazy to look up.

I DO realize the bargaining units have their own agenda.

PO

I got my notice Friday but haven't had a chance to do anything yet. I am going to freeze my credit with the 3 companies. I saw this morning on Govexec.com that they think the number hacked is up to 18 million.

Originally Posted by nasa1974

I got my notice Friday but haven't had a chance to do anything yet. I am going to freeze my credit with the 3 companies. I saw this morning on Govexec.com that they think the number hacked is up to 18 million.

It is now estimated that anyone who filed to get a job with the government had their data stolen.

Originally Posted by Frixxxx

It is now estimated that anyone who filed to get a job with the government had their data stolen.

Mr. XXXX, where did you see that?


Sent from my (Daughter forcing me to use an) iPhone using Tapatalk...

Originally Posted by dougscott

I received a notice as well, with the personally named notice and pin code, ... but I think the point being made is that the notices (at least what I received) did not come from a .gov address. It says it's from "OPM CIO" and the address is "opmcio@csid.com". I did not receive anything (addressed specifically to me) from a verifiable US Government address, yet. I took a look at the commercial webpage, but took no action and provided no data, yet.

CSDI is the company in charge of sending out notifications to DOD employees on behalf of OPM. Not sure if this company is responsible for all agencies or if there are other companies being used.

Edit: Dang it! I got fooled again. Didn't realize I was on the first page of this thread.

Originally Posted by jpcavin

CSDI is the company in charge of sending out notifications to DOD employees on behalf of OPM. Not sure if this company is responsible for all agencies or if there are other companies being used.

Edit: Dang it! I got fooled again. Didn't realize I was on the first page of this thread.

Yes, I realize that ... but it seems something should come from OPM.gov (the real OPM) that introduces the contractor they hired. Anyone can embed a fake message from OPM in a .com e-mail.