Nearly all of the current and former federal employees who had their Social Security Numbers and other personal information stolen in a data breach at the U.S. Office of Personnel Management have been notified by the government.
As of Friday afternoon, six months after disclosing the breach, OPM announced that along with the U.S. Department of Defense, it has finished mailing notification letters to 93 percent of the 21.5 million Americans who had their personal information stolen.
The OPM revealed in early June that it suffered two apparently separate breaches of its computer system. There was some overlap in the two incidents, with one affecting records on 4.2 million people and the other totaling background check data on 21.5 million.
The larger breach involved much more sensitive personal information OPM had gathered for security clearances investigations of current, former and prospective federal employees and contractors.
That included 19.7 million contractors and employees who applied for security clearances, and 1.8 million "non applicants" whose personal data was included in security clearance applications, such as spouses.
OPM has said that anyone who underwent a security clearance background investigation in 2000 or afterwards was likely affected by the breach.
Mailing addresses could not be found for many of the affected individuals. And OPM expects it will have to resend some letters because hundreds of thousands have been returned.
People who receive a letter should confirm that the letter matches those displayed on the OPM website. The letter should direct them to OPM’s cybersecurity page.
The agency has warned that any email that asks for personal information, or any version of the letter that does not direct individuals to OPM’s cyber security website, should be considered fraudulent, and reported to local law enforcement and the Federal Trade Commission at https://www.ftccomplaintassistant.gov.
“OPM and our partners across government remain committed to protecting the safety and security of the information provided to us,” OPM spokesperson Sam Schumach said in a statement. “Together with our interagency partners, OPM is dedicated to delivering high-quality identity protection services to impacted individuals. The interagency team continues to review the impacted data to monitor for any misuse, and the U.S. Government will also continue to evaluate the coverage being provided and whether any adjustments are appropriate in association with this incident.”