Just over one-quarter of the 21 million current or former federal employees who had personal information stolen in the Office of Personnel Management breach have been notified by the government, an agency spokesperson told NBC News.
As of Tuesday evening, approximately 5.5 million notification letters had been mailed out, OPM spokesperson Samuel Schumach said –- about on track for where the office expected to be at this point.
“Before we began mailing the notification letters, we estimated the process would to take up to 12 weeks,” Schumach said. “OPM made the decision to ‘ramp up’ our mailing rate in order to assess our processes and the ability of the vendor to register impacted individuals for identity theft protection and monitoring services.”
Read More: OPM: 21.5 Million People Affected By Background Check Breach
The figure was first reported by Reuters on Tuesday. OPM revealed in early June two apparently separate breaches of its computer system in which information on 22.1 million Americans was stolen. There was some overlap in the two incidents, with one affecting records on 4.2 million people and the second totaling background check data on 21.5 million.
In September, OPM revised the number of individuals whose fingerprints had been taken in the breach to 5.6 million. That count had originally been reported as fingerprints for 1.1 million people. Among the government employees who had personal information stolen were FBI Director James Comey and the current head of OPM.
When notices began to be sent out at the start of October, OPM Director Beth Cobert said in a statement that the letter-mailing process could take “considerable time.”
“I understand that many of you are frustrated and concerned, and would like to receive this information soon,” Cobert said. “However, given the sensitive nature of the database that was breached –- and the sheer volume of people affected –- we are all going to have to be patient throughout this notification process.”
Read More: OPM Director Katherine Archuleta Resigns Following Data Breach Outcry
The government awarded a $133 million contract to an Oregon-based ID protection company in the aftermath of the hacks to provide monitoring and identity theft insurance to the victims and their children.
A notice on the website of the company, ID Experts, says that notifications “will continue to be made over a period of 12 weeks through the beginning of December. If you believe you should receive a letter and have not received it yet, please be patient.”
