The social security numbers and other personal data of approximately 21.5 million Americans were stolen by hackers involved in the cyberattacks on the systems of the human resources department of the United States.
OPM suffered two cyberattacks
The Office of Personnel Management (OPM) experienced two cyberattacks, which were discovered in April. The OPM and the interagency response team including the FBI have been investigating the incidents.
Based on the investigations of the OPM, the cyberattacks affected the personnel data of current and former employees, and the background investigation records of current, former, and prospective federal employees and contractors.
In April, the OPM disclosed that the personal data of 4.2 million current and former federal government employees were stolen including. The stolen personal data included their full name, birth date, home address, and social security numbers.
Since then, the OPM and the interagency response teams continued investigating the cyberattacks. The investigators concluded in early June that the personal data of approximately 21.5 million people have been stolen from the agency’s background investigation databases.
The people affected by the cyberattacks included 19.7 million individuals who applied for a background investigation and 1.8 million individuals, primarily the spouses or co-habitants of the applicants.
According to OPM, there was no evidence that the health, financial, payroll, and retirement records of Federal personnel or those who applied for a Federal job were impacted by the cyberattacks.
OPM is providing assistance to individuals impacted by the cyberattacks
The OPM is providing a comprehensive suite of monitoring and protection services for those impacted by the cyberattacks. These services include:
- Full service identity restoration support and victim recovery assistance
- Identity theft insurance
- Identity monitoring for minor children
- Continuous credit monitoring
- Fraud monitoring services beyond credit files
The agency will start sending notification packages to the affected individuals including information to access the services and details of the cyberattacks. The OPM will also provide educational materials to help them prevent identity theft, better secure their personal and work-related data, and to become more generally informed about cyberattacks.