Thread: FEDERAL EMPLOYEE DATA STOLEN!

I'm gonna take all of my money out, and buy gold with it!

I am not sure I am supposed to have this e-mail but do and am sending it along including an attachment from the White House and two from Ms. Archuleta.

I deleted the to: part to protect federal employee information. While trying to attach the two additional files I find my internet connection went away and now I cannot attach them. I must be doing something wrong. Here is what I think may post now.

From: Carter, Jennifer C [Jennifer.Carter@Hq.Doe.Gov]
Sent: Thursday, July 09, 2015 1:08 PM
Subject: RE: IMPORTANT!!!!


Good afternoon all,

Please find the attached documents which were embargoed until 3:15pm today.


Also see link:
https://www.opm.gov/news/releases/20...ps-to-protect-


federal-workers-and-
others-from-cyber-threats/

Unfortunately OPM has determined that background investigation records of


current, former, and
prospective Federal employees and contractors have been compromised to


include the types of
information in these records, such as Social Security Numbers; residency and


educational history;
employment history; information about immediate family and other personal and


business
acquaintances; health, criminal and financial history; and other details.


Some records also include
findings from interviews conducted by background investigators and


fingerprints. Usernames and
passwords that background investigation applicants used to fill out their


background investigation forms
were also stolen.

OPM is advising that this incident is separate but related to a previous


incident, discovered in April 2015,
affecting personnel data for current and former Federal employees. OPM and


its interagency partners
concluded with a high degree of confidence that personnel data for 4.2


million individuals had been
stolen. This number has not changed since it was announced by OPM in early


June, and OPM has
worked to notify all of these individuals and ensure that they are provided


with the appropriate support
and tools to protect their personal information.

After the analysis of the OPM background investigation incident OPM is


advising that the OPM team has
now concluded with high confidence that sensitive information, including the


Social Security Numbers
(SSNs) of 21.5 million individuals, was stolen from the background


investigation databases. This includes
19.7 million individuals that applied for a background investigation, and 1.8


million non-applicants,
predominantly spouses or co-habitants of applicants. As noted above, some


records also include
findings from interviews conducted by background investigators and


approximately 1.1 million include
fingerprints. There is no information at this time to suggest any misuse or


further dissemination of the
information that was stolen from OPM’s systems.

Please review the Background Investigation Press Release to review the steps


OPM is announcing to
protect those impacted, which include providing a comprehensive suite of


monitoring and protection
services for background investigation applicants and non-applicants whose


Social Security Numbers, and
in many cases other sensitive information, were stolen.

We are scheduled to meet on behalf of the LMF next Wed July 15 and I will see


about designating some
time on the agenda to discuss this matter for those interested.

Very Respectfully,


Jennifer Carter
Department Labor Management/Employee Relations Specialist
Human Capital Policy & Accountability Division
U.S. Dept. of Energy
Attachment 34441

Going to try the other two attachments. Maybe I can only attach so much at a time?

No luck. No biggie, just CYA from the White House Press Secretary and OPM press release.

Govexec.com has 4 articles about the OPM breach.
Government News, Research and Events for Federal Employees - GovExec.com



Second OPM Data Breach Hit 21.5 Million, Included Fingerprints

Hack affected nearly everyone that underwent a background investigation through OPM in 2000 or later. July 9 54 Comments


OPM Doesn't Know Who It Will Hire to Protect the 21.5 Million Individuals Affected by Hack The agency said it would notify 21.5 million ...9:31 AM ET


Agencies Finally Move to Stronger Sign-ons as OPM Breach Widens to 21 Million Officials now say the massive breach of background check and ... July 9 3 Comments


OPM to Pitch Free Credit and Identity Theft Monitoring for All Feds, Hacked or Not The agency will work with stakeholders to develop the ... July 9 5 Comments

crazy thing to me is that even tho I've been a fed for nigh on 30 years now, I had to go through the fingerprinting and new sec clearance from 2010 or therabouts, so I could have my genuinely secure LinkPass to get in my office building and log on my computer. which was never needed up til then. Oh, and had to go through fingerprint re-verification last year to keep my linkpass, even tho I haven't changed job locations in 15 years. the more secure we are, the less safe we are, eh? lesson in there somewhere.

Originally Posted by alevin

crazy thing to me is that even tho I've been a fed for nigh on 30 years now, I had to go through the fingerprinting and new sec clearance from 2010 or therabouts, so I could have my genuinely secure LinkPass to get in my office building and log on my computer. which was never needed up til then. Oh, and had to go through fingerprint re-verification last year to keep my linkpass, even tho I haven't changed job locations in 15 years. the more secure we are, the less safe we are, eh? lesson in there somewhere.

Got the same issue. The DoD forced us to go through the process a number of years ago - but after the 2000 cutoff date...

Anyway, imagine what some intelligent intelligence agency could do with your digitized fingerprint. I mean, when you use a fingerprint for security (like a door) the device digitizes it and pattern matches it. Well, the Chicoms got it. A new meaning of 'An Open Door Policy'!!!

Finally, NASA links to an article stating that OPM doesn't know who to contract out for regarding this larger breached population (which is actually a plus up of the previous - so it really is a CYA of the same). Does that make us comfortable. Just think, the last vendor had long waits and bad service plus an incredibly dumb method of getting the notification out. What do you think they are doing with the information you provide them. They seem a bit overworked, eh... Personally, I do not trust ignits and lowest bid contractors with my bank and credit card information... Oh well...

And I still haven't been notified of anything by OPM though I fall into the category that is affected. I know 21 million people is a lot of people but OPM knows how to reach out and touch me. They do it every month when they send me my retirement check.

FS

NTEU filed a lawsuit

AFGE has filed a similar lawsuit https://www.afge.org/?documentID=4961

Originally Posted by SWAVET

NTEU filed a lawsuit

AFGE has filed a similar lawsuit https://www.afge.org/?documentID=4961

I'll be corrected if I'm wrong but I thought AFGE filled a class action for all federal employees and NTEU filled for their members only.

You are right as I scan through both. NTEU has very limitted info in a lawsuit and only asking for lifetime credit protection, while AFGE has in-depth details and including OPM's contractor in a lawsuit with a wide open for the court to decide the (unlimitted) damage.

Another awful thought...

Has this OPM security clearance hack made us unemployable outside the Federal Government...

Think about it. Use me as an example. Let us say I want to interview for a job at Intuit (almost next door to my house!!!). Let us also postulate that I am fully qualified for the job and the interview seems to go well and I have already well into the 5 interviews required to get the job (real companies trying to hire real employees do not hire expensive folks after one phone interview with standardized questions). Now, it gets to the Information Technology Security Officer.

That chap finds out I work for the Federal Government - and, thus background information on me is in the hands of who knows who. Am I worth the risk of hiring? They cannot get the records to determine if I have any skeletons in the closet that were waived or resolved. They cannot determine the risk. Would you take the risk?

This is so pathetic. And, I would put a month's salary that the data was stored in a database that was obsolete, unpatched, and not properly secured.