OPM Data Breach

I got my notice today and followed the instructions provided in the previous notices for my protection. Hmmmm, how safe is anything anymore?
 
FWIW, I suggest you "freeze" your credit reports. Google freeze credit reports for more information.

This will not solve every problem/issue that may arise from this data breach, but freezing your credit reports is a good start.
 
I got tired of waiting for my email/letter. I was getting more and more nervous about possible identity theft.
So I called the CSID number and pressed "1", to get a live person. (Yes, I know the recording says to press "1" if you already had a letter but if you press "2" you will only get a recording.)
I then asked them for my PIN. After providing my SSN, they gave me my 12 character alpha-numeric PIN. I logged into the website, put in my PIN, and was signed up in just a few minutes. No negative reports. All clear. I felt a lot better.
As to them providing me with the PIN over the phone...that seems a bit sketchy, and maybe they will be cracking down on that as time goes on. But for me, I skipped to the front of the 4MM person line and got signed up, so I am happy! :bigok:
 
...

my guess is if you call the toll-free number your call gets immediately directed to a call center in china where the first question you are asked is 'what is your ssn#'.

Burro ... You were right on!!

Uscfan ... Who did you provide your SSN to? If they didn't have that information ... they do now. It seems like this data should be sent through the US Mail ... not trying to be old school or paranoid. At least there are some fraud protection laws covering the use of the US Postal Service.
 
I understand your point....and acknowledged the 'sketchy' nature of the process. But...
1) I called them, they did not call me. So unless the entire Fed workforce was given the wrong number, I feel pretty good that it was legit.
2) The PIN worked on a separate website, that I had to access myself, and was also put out by OPM to the entire Fed workforce. Seems legit.
3) It's good to be careful and practice good computing safety, but... at a certain point you can't be paranoid, either!

AND, I now have my credit monitoring in place. YAY! :arms:
 
I received a notice as well, with the personally named notice and pin code, ... but I think the point being made is that the notices (at least what I received) did not come from a .gov address. It says it's from "OPM CIO" and the address is "opmcio@csid.com". I did not receive anything (addressed specifically to me) from a verifiable US Government address, yet. I took a look at the commercial webpage, but took no action and provided no data, yet.

This is very similar to what I received especially the OPM CIO part.
 
the info i got said official notification if you were affected would be completed by close of business today 06/19. if you are a federal employee or retiree of any branch and did not get notification as others have described, then i would suggest calling first thing on monday. for what it's worth, they seemed to have pushed the notifications out by rank (perceived importance) and many i know just got theirs today. check your work email monday morning, then call if it is not there.

also be aware if someone knows the phone number and a valid ssn#, then it is a pretty easy ticket. except for you got to answer a series of questions like 'how much is your car payment', 'when did you last make a large purchase', and 'how many foreign nationals have you slept with'?

keep in mind the answers you provide must correctly cross between credit report and sf-86 security investigation results.
 
Thanks to everyone who has taken the time and made the effort to respond to this thread! Maybe I'm just a paranoid old goat but this seems really sketchy to me especially after really bad data breaches. :notrust:
 
i believe the process is consistent and legit as described. either we are alright, or we are all wrong. either way we are all in the same boat. the only folks that know the correct answers to the test questions are you, god, opm, and now csid (and maybe your spouse if you are truly in love and have been completely honest but that is a different story). get your report and look for green squares. if you see red squares that is bad. easy peasy. you will get monthly updates.
 
Nothing for me yet other than an Agency Mass Mailer. One thing I haven't heard anything about yet in the media or by OPM - non-fed spouse SSNs are part of background and security check records that were compromised. Seems like OPM owes them direct communication and not rely only on communication with a fed spouse. Also, reference and friend networks with phone numbers and addresses are part of security and background checks - again PII of non-Feds.

Many, many more people than fed employees have been impacted and I am just not hearing about this part of the story.
 
NTEU President has requested spousal protection be included. (Federal Union)
 
FWIW department.

Last two data breaches, which were not OPM IIRC, resulted in a free "protectmyID" account for both myself and my non fed spouse. This was extended an additional 18 months for me the second time. I am not sure about the spouse. It is getting hard to keep up with all this and I cannot find the original e-mails from my masters at work advising me of all this.

Reminder to self and all: immediately forward any e-mails about such subjects home (if allowed) and once home save them as text somewhere you feel is safe. Perhaps it is because I am disorganized and paranoid but I would swear work e-mails I believe I saw are no longer in my archives and some I remember forwarding home are no longer on my hard drive as e-mails.

Since so many are reporting receiving the opmcio@csid.com canned e-mail and there are some reassurances it was not phishing, I will try to register for this protection. I wonder how many times experian (protectmyid) and csid have been breached?

Good luck to you all.

PO
 
I heard the personal information was sent to China, and since this incident occurred, I've been hit with two $400+ transactions on a Chase Freedom credit card with both purchases being from China. My father, who is also a Federal Employee, has had the same, but his totals are 8 occurrences with well over $11,000. All instances were reported and we did not have to pay.
 
FWIW department.

Last two data breaches, which were not OPM IIRC, resulted in a free "protectmyID" account for both myself and my non fed spouse. This was extended an additional 18 months for me the second time. I am not sure about the spouse. It is getting hard to keep up with all this and I cannot find the original e-mails from my masters at work advising me of all this.

Reminder to self and all: immediately forward any e-mails about such subjects home (if allowed) and once home save them as text somewhere you feel is safe. Perhaps it is because I am disorganized and paranoid but I would swear work e-mails I believe I saw are no longer in my archives and some I remember forwarding home are no longer on my hard drive as e-mails.

don't worry, they're probably stored on a private server in somebody's basement and copies will surface eventually.

Since so many are reporting receiving the opmcio@csid.com canned e-mail and there are some reassurances it was not phishing, I will try to register for this protection. I wonder how many times experian (protectmyid) and csid have been breached?

never, as they are a wholly owned subsidiary of a shadow company of the global chinese conglomerate.

Good luck to you all.

PO

thanks, good luck to you too.
 
Thanks for posting Maui. I also use Chase. I checked last night and haven't been hit yet but I appreciate hearing your story. It reminds us that we all have to be vigilant in protecting our individual interests. Loved burro's comment above about Experian being a wholly owned shadow company of the Chinese.....spurted some hot coffee through my left nostril on that one...:D

FS
 
i checked all my accounts and i don't think i have had my identity stolen. the charges to 'import russian brides' and 'filliapina singles' were expected and occurred on time, also the monthly dues to 'naturists.com' is a previously scheduled and approved transaction.

quite frankly, i think they took one look at my credit score and background investigation, then ran out and quickly upgraded their firewalls. how do you like me now? huh, huh? sino suckers!

the beauty of having nothing is, you have nothing to lose. it is very liberating.
 
Re(1): 'Social Engineering', The Belmont Club, Richard Fernandez...

1. Always read 'The Belmont Club'

2. The Chinese do not care about the $27 bucks in Burros account

3. They most likely care deeply about the peccadilloes of various database administrators, server administrators, and programmers

The gubmint doesn't seem to value skillset. They want their mid-level management to be the 'leaders of the free world' rather than competent managers who understand their technology, workforce, and the risks involved. My guess is that Katherine Archuleta has no idea of what happened and is just wallowing about. She probably has a Masters Degree in Leadership or something... Then she hires someone with a Masters Degree in Project Management or something... Or maybe someone with a Security+ certificate but no background in any of the IT fields...

Katherine Archuleta, the person in charge of the Crown Jewels, has had an interesting career path to her current position. Her biography at opm.gov reveals a person proud of her membership in an “inclusive workforce that reflects the diversity of America”. Nowhere, however, does her biography indicate that she knows diddly squat about computers, computer networks or security.

...

But OPM is right though. Encryption wouldn’t have helped. The problem was somewhere else. Modern Western society has its own definition of “social engineering”. It apparently means putting people in charge of things not because they know anything about it, but because they possess the highest symbolic value.

There will be many, many data breaches stemming from this one. I kinda target myself by typing here. Some part of the 1.6 Billion people in China got my info - what they got is anyone's guess - and are now scouring blogs like this one to see who has high access. Then some chump with bad English will call and mention something that happened in the way back that was disclosed during the security check. Well, bad English phone grinder, I don't have the access you seek. Call someone else...
 
Archuleta yammers about some networks being too old to support encryption. What an idiot. The server operating systems may be (seven of them, eh???) too old to support viable encryption. The database management systems may be too old to support viable encryption. The applications may not have been updated over the years to support in-transit encryption. Whatever...

But, we do know that you hired suspect folks as administrators with high access.

What a joke...
 
did you know that opm doesn't care what you did? only that you are honest about it? that way you can't be blackmailed. if they threaten you, just say 'yeah i did that, want to see the pictures'? then hold your chin high and tell them with conviction 'there is nothing wrong with cats and donkeys and a bathtub full of nacho cheese, we are an underserved population.'
 
I don't know burro...

Some may not understand my transition from man to woman and back to man. Nor the fact that I identify as a Caucasian Female Tibetan Sumo Wrestler.

I am so confused I might not be able to be blackmailed.
 