Victims of US gov't mega-breach still haven't been notified

Affected workers to receive aid starting 'later this month'

By Neil McAllister in San Francisco


Nearly three months after the US Office of Personnel Management (OPM) discovered its databases had been compromised by Chinese hackers, the government still hasn't notified the employees and contractors affected by the breach.

On Tuesday, the OPM said it planned to start the process of informing victims "later this month," and that reaching everyone is expected to take several weeks.

The Department of Defense will send notifications directly to affected people by postal mail, the agency said.

"Millions of individuals, through no fault of their own, had their personal information stolen and we're committed to standing by them, supporting them, and protecting them against further victimization," OPM acting director Beth Cobert said in a statement, adding, "And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling."

The OPM first noticed the hacking incidents in June, although it was later determined that the attackers had probably been slurping data from the agency's systems for more than a year.

At first it was thought that around 4 million individuals' records had been snaffled. But after a second leak was discovered, the total figure eventually ballooned to 21.5 million. Nearly all of them are still waiting to be notified as to whether they were affected.

Among the data that is thought to have leaked are records of Standard Form 86, an exhaustive questionnaire designed for people who are requesting security clearances. It covers just about every personal and financial detail about each applicant, including employment, criminal, and health records.

Naturally, many of the people whose information is now in the hands of the hackers – who are believed to have ties to the Chinese government – are currently employed in sensitive positions at various levels of the US government and military, making this particular data breach especially egregious.

Also on Tuesday, the OPM said it has secured a contract with a company to provide identity theft protection and monitoring services for everyone affected by the breach. Identity Theft Guard Solutions, doing business as ID Experts, will provide these services for free to victims and their dependent children under the age of 18 for a period of three years.

The total cost of the contract to the government will be $133,263,550 (£87,075,070), OPM said. By comparison, it earlier asked Congress for $21m to secure the systems that allowed the leak.

Anyone who's worried that they may be one of the ones whose information has been snatched can find more information and sign up for email alerts here. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Are you taking the peacock? United Airlines deny flight to 'emotional support' bird

Angry bird: Artist's idea fails to take off

Emirates and Turkish Airlines lift laptop ban on US-bound flights

Passengers can bring electronic devices onboard from today

Good news: Teen hacker gets 1-million-air-miles bug bounty reward. Bad news: It's United Airlines

There's always a catch

Beaten passenger, check. Dead giant rabbit, check. Now United loses cockpit door codes

Not a good month for the aviation giant

Router cockup grounds United Airlines flights WORLDWIDE

FAA issues, then lifts, stop order

Chinese hackers behind OPM megabreach also pwned United Airlines

Possibility of Beijing-sponsored triple hack makes industry sit-up, gulp, take notice

Y'know how airlines never explain delays? United's bug bounty works the same way

Researcher says airline failed to fix critical bug for five months

United Airlines bug bounty shells out 1.8M miles for three flaws

14 flaws nixed by crowdsourced code-hunters

Google code reckons it's smarter than airlines, AI funding, and lots more

Roundup It's this week in machine learning

Night before Xmas and all through American Airlines, not a pilot was flying, thanks to this bug

Updated Vacation system gremlin gives everyone who asked time off