OPM breach: How to protect yourself, and what they’re really after

WASHINGTON — The federal government confirms more than 21 million people were affected by the massive federal Office of Personnel Management breach, which included stolen Social Security numbers and health and financial information. But the hackers responsible also could target people who are not affiliated with the government.

Victims of the attack can take advantage of services to protect themselves from fraud. Current, former and prospective federal employees, contractors and their spouses and children whose information was hacked are eligible for OPM’s free credit and identity-theft monitoring service for at least three years.

OPM also plans to develop a proposal for the same service for all federal employees, even if they are not affected by this breach.

But Ken Colburn, of the Data Doctors, says identity theft isn’t what the hackers are after.

“They’re more interested in recruiting spies or blackmailing employees or finding out who key government employees are and using this information in much more nefarious ways.”

Phishing scams — fraudulent emails that trick you into giving up private information, sometimes for blackmail — are one way the information could be used.

OPM is notifying people who are affected by the breach, but even those emails must be handled very carefully.

“OPM has already announced to all the hackers out there exactly what this email is supposed to look like. So it’s a double-edged sword for them to try to alert everybody to watch for this email. But what they’ve done is made it really easy for people who want to create really sophisticated phishing scams. … So spoofing or making it look like the official OPM email is going to be very easy to do.”

Colburn says emails should be treated as guilty until proven innocent, even if you do not have any affiliation with the government.

“Somebody that actually wasn’t a part of this breach may get one of these convincing emails.”

Information about the attack can be found on OPM’s data breach website.

If you are a victim of a phishing scam, you need to file a report with the Federal Trade Commission.

Copyright © 2019 The Associated Press. All rights reserved. This material may not be published, broadcast, written or redistributed.

More from WTOP

Log in to your WTOP account for notifications and alerts customized for you.

Sign up