OPM Breach, did you get the letter?

[JTH]

I received the letter today, my entire personal history has been compromised. Lucky me, I've been offered 3 years of identity monitoring in exchange for a lifetime of compromise.

To say that I am not happy is an understatement.

 

[burrocrat]

i am not going to take the 3 year monitoring deal. i am holding out for new fingerprints, a perpetual job tending bar, and a boat in the keys.

 

[Warrenlm]

The letters do not seem to contain the "hold harmless" we should expect, no? The USG is self insured, controls the reserve currency, and has the Fed, so it would not cost anything, right? We need a new entitlement, even though it would be for actual taxpayers. New fingerprints hurt.

After one round of plastic surgery from which he was extremely disappointed to find that he still looked the same, one of the doctors suggested that he remove his fingerprints as a way to escape being detected. Dillinger liked this idea and elected to undergo the painful process of obliterating his fingerprints. Dillinger was not the first criminal to come up with that idea. In 1933, “Handsome Jack” Klutas had attempted to file down the small ridges on his fingers, but he ultimately failed. Two of Kate “Ma” Barker’s clan, Alvin “Creepy” Karpis and Ma’s son Freddy, decided to remove their fingerprints as well, so they hired mob physician Joseph P. Moran to do the job. Moran was inexperienced in this procedure and repeatedly hacked and knifed at their prints until the gangsters couldn’t bear any more pain, but when their fingers finally healed, the fingerprint ridges grew back to their original patterns.

 

[FogSailing]

Hi JTH. This is either the second or third time my data was breached. It occurred while working for DOE (Chinese hacking attacks) and again at OPM. They have provided Experian for me since 2009 and I expect them to provide that coverage until I move to another plane of existence. However, even Experian was recently hacked so I don't know how much faith I have in any of these systems.

I've spoken before about the idiocy of the last 10 years in government supplanting a knowledgeable federal workforce competent in cyber-security with a bunch of contractors....we know the results...

And while I know I shouldn't feel this way or say this: I still feel the people responsible for allowing this to happen should be publically acknowledged for their incompetence and made to suffer in some meaningful way.

I am sorry that you and so many others private information was breached.

It would make me proud if our NSA\CIA\DOD repaid the Chinese for their kindness in a meaningful and significant way.

FS

 

[Boghie]

I, personally, do not trust an entity I do not know with even more information. As far as I can tell, my bank information is not in my security clearance.

Maybe the best thing any of us can really do is change our bank (or our account numbers), do the same for credit cards, and do whatever you can to make other identifiable targets different than documented in your security clearance. Basically, make the security clearance info obsolete.

Luckily, national espionage probably doesn't key around bank accounts and the like. Nations would be more interested in leveraging individuals. I feel sorry for those who properly disclosed issues that can now be leveraged.

 

[JTH]

I, personally, do not trust an entity I do not know with even more information. As far as I can tell, my bank information is not in my security clearance.

Maybe the best thing any of us can really do is change our bank (or our account numbers), do the same for credit cards, and do whatever you can to make other identifiable targets different than documented in your security clearance. Basically, make the security clearance info obsolete.

Luckily, national espionage probably doesn't key around bank accounts and the like. Nations would be more interested in leveraging individuals. I feel sorry for those who properly disclosed issues that can now be leveraged.

For my security clearance, I was not required to provide my banking info.

My guess, is that the combination of SSN, Full Name, and address can be used to acquire credit cards in my name, be used to make purchases, thus damaging my credit rating.

 

[Warrenlm]

I wonder if the ChiComs are getting in on the ground floor for this effort and will cross check their multiple datasets, especially when they build one from this information. Soon they may command the behavior of enough employees to make the intel industry, employees and contractors, a subsidiary. They're probably looking for the big fish, though, no?

But if on the other hand you have ever been known to browse for some adult entertainment, you could be the next target for hackers.

The warning comes from software engineer Brett Thomas, who said on his blog: ‘If you are watching/viewing porn online in 2015, even in Incognito mode, you should expect that at some point your porn viewing history will be publicly released and attached to your name.’

He said: ‘At any time, somebody could post a website that allows you to search anybody by email or Facebook username and view their porn browsing history. All that’s needed are two nominal data breaches and an enterprising teenager that wants to create havoc.

‘I think the next big internet privacy crisis could expose the private and potentially embarrassing personal data of regular people to their neighbors.’

http://metro.co.uk/2015/10/18/your-porn-browsing-history-could-soon-be-available-for-all-the-world-to-see-5446851/

 

[Warrenlm]

And while I know I shouldn't feel this way or say this: I still feel the people responsible for allowing this to happen should be publically acknowledged for their incompetence and made to suffer in some meaningful way.

Repeated without attribution but with a "hear, hear!"

 

[WorkFE]

Got mine on the 8th. Not happy but what can you do.

Spoke to a friend of mine who was a contractor, retired 5 years now, got the letter as well. I thought it was just Gov. employees.

 

[Cactus]

Ouch!!! That hurts, Jason. Sorry to here you are another one ripped off by this continued ineptitude.

Hey wait a minute -- how do we know you are the real Jason? Speak Mandarin or Cantonese by any chance?

 

[FogSailing]

I knew it. JTH stands for Jason The Hun!

FS

 

[PessOptimist]

I nor anyone I have asked has received such a letter. We all got breached. What do you suppose that means? They haven't gotten to sending a letter to us yet or some are at more peril?

PO

 

[Cactus]

Nah. The Chinese just intercepted most of the letters before they got to us. Jason's and WorkFE's just slip through the cracks. Not that I'm paranoid or anything. :notrust:

 

[JTH]

I nor anyone I have asked has received such a letter. We all got breached. What do you suppose that means? They haven't gotten to sending a letter to us yet or some are at more peril?

PO

"The OPM began mailing notification letters to the 21.5 million individuals impacted by the breach this week, alerting them that their data was compromised and describing the suite of identity protection services they will receive for three years.
ADVERTISEMENT

The letters will also indicate whether an individual was one of the 5.6 million whose fingerprint data was taken as part of the heist."

Well there's always a bright side, perhaps they didn't get my fingerprints (like you couldn't get those from any number of beer bottles in my trash can)

 

[nnuut]

How is this different from the CSID credit monitoring program that I already signed up for, why another one?

 

[burrocrat]

How is this different from the CSID credit monitoring program that I already signed up for, why another one?

the first one was because they stole your payroll data.

this second one is because they stole anything you put down on your background check and any subsequent entries by the investigator for your security clearance. including family members, how when and where you ever left the country, how may foriegn nationals you have slept with and whether they were just holidays in thailand or live in lovers in the czech republic. also they know your eye color.

 

[JTH]

How is this different from the CSID credit monitoring program that I already signed up for, why another one?

From their Website

Credit Monitoring

We offer credit monitoring from all three credit bureaus—Experian, Equifax, and TransUnion—and alert your customers of any changes to their credit file. Real-time alerts when activity of any type is noted on your customer’s credit file allows your customer to make a determination if the transaction is one that they initiated or one that is fraudulent. Those who are protected can also choose to set fraud alerts or credit freezes.

Identity Monitoring

A person’s identity is a complex entity, and thieves know how to exploit it for their greatest gain—and the greatest danger to your customers. Our comprehensive identity monitoring covers all aspects of a person’s identity for maximum protection, including Social Security Number trace, Change of address monitoring, Payday loan monitoring, and Court records and bookings monitoring

 

[JTH]

Deleted

 

[nasa1974]

I haven't gotten my snail mail letter. I did receive an email a few months back.

Here is what is on Nextgov.com
Federal Technology News and Analysis for IT Managers & Acquisition Teams


Here

Here’s How OPM Is Telling Hacked Feds Their Data Was Stolen

"Victims of a data breach that exposed intimate details on national security professionals inside and outside government, along with their families have begun receiving a generic notification letter directing them to a government website for assistance..."

 

[WorkFE]

A co-worker of mine said his spouse got one, never had a clearance, but he didn't.
uh, this isn't instilling a lot of confidence at the moment.
Or maybe they only got her info off his paper work. :laugh: