OPM data breach solution: Sufficient or merely expensive smoke and mirrors?

There appears to be a great deal of confidence the 2015 breach suffered by the Office of Personnel Management (OPM) had more to do with international cyber warfare than individual cyber home invasions.

Randy Silvey, president of Silverlight Financial
Randy Silvey, president of Silverlight Financial

Nevertheless, past federal employees, current federal employees and those who have merely applied for federal employment, have been fundamentally debased. They have had their privacy invaded, their identity compromised, their reputations put at risk and their credit threatened.

It seems to be a good time to look at the measures that are currently underway to “protect” those that have been exposed.

Sept. 1, 2015 – According to OPM.gov, OPM announced that it has awarded a contract of $133 million  to Identity Theft Guard Solutions. The contract will provide identity theft protection for those whose information was stolen during the infamous OPM identity hack.

The Consolidated Appropriations Act of 2016 included an additional $21 million in funding for OPM “cybersecurity” needs. Additionally, for individuals affected by the OPM data breaches, language is included providing identity protection coverage for 10 years.

Steps in the right direction, perhaps. Yet, anything less than lifetime identity protection will be clearly inadequate. Considering the banter this subject incites, we may anticipate this topic being a political ping pong for years to come. I don’t know about you, but, I am putting a reminder on my Microsoft Outlook calendar for 2025.

I have two proposals to offer for consideration that should strengthen the overall identity security of the hacked hordes.

    1. As I have already eluded too, identity protection should be a LIFETIME free service for anyone that has had their identities compromised due to this wide scale identity assault. It should never be the responsibility of the breach victims to ever pay for this type of service … ever! Admittedly, any “identity protection” service is limited in the scope of benefits it can offer. Example: it doesn’t prevent someone from opening a credit account using someone else’s hard earned credit. However, it does inform the harmed party that the act has been performed. It also makes it easier to “clean up” the incident with credit reporting agencies. All in all, for the “OPM hack victims,” this is a significantly essential service. Most likely this particular breach was not performed as a typical financial scheme that, as we all know, destroys individual lives. However, let’s face it, the range of this attack hasn’t been fully revealed yet. So, I believe it is reasonable to conclude this information may yet wind up in the hands of groups or individuals that would also use it for financial gain.
    2. OPM should also offer to pay for a personal credit freeze to these injured individuals. This would aid in filling some of the gaps that are apparent in the identity protection service. A credit freeze can block identity leeches from applying for new loans or credit cards. A credit freeze will effectively freeze individual credit accounts. It adds an extra step to obtaining new credit. Each credit reporting agency can provide consumers a unique PIN that will then need to be provided in order to apply for new credit. I believe this too is an essential step that OPM should pay for. While in some states this is a free service in other states the credit bureaus are allowed to charge for it. In any case the fee is generally $10 or less.

Note: A credit freeze can be performed online. I ardently believe the federal government should address credit freezes with those affected individuals. It should also pay for the service in the non-gratis states. However, I don’t suggest waiting for that day to arrive. If you know you have been part of this attack, I would suggest freezing your credit as quickly as you can. Imagine how terrifying it would be to try and freeze your credit six months from now, only to find that it has already been frozen by someone claiming to be you. At that point, you would enter a very surreal moment in your life. You will now have to prove you are who you say you are, because your cyber doppelganger has already locked down your identity for themselves. What a chilling possibility!

I recently provided a Federal Retirement Readiness Review for Lenny (a retired fed) when our discussion turned to the OPM hack. This was my first meeting with Lenny, but, I could quickly see he was greatly concerned and agitated about the security of his retirement funds. I offered Lenny some “low tech” solutions to a “high tech” problem. I suggested Lenny change his login and password. This time taking into consideration that someone in the dark cyber underground knows:

  • Lenny’s mother’s maiden name
  • Where he went to school
  • His oldest brothers middle name
  • His first pet’s name
  • His health history

To protect his retirement funds, Lenny created new logins, passwords, security questions and answers.

I have offered a couple of ideas OPM could implement to protect those that have been hacked. But, as a current fed, a past fed or just someone who applied to be a fed, what can you do to protect yourself? I am no computer geek, but, I know a few.

What’s a concerned fed to do?

  1. Let your voice be heard, contact your federal representatives — Lifetime identity protection, identity insurance and credit freezes for everyone touched by this debacle, should be a minimum starting point.
  2. Change all your logins and passwords. Technology experts tell me that each login for each account you have should be, unique and alpha-numeric with special characters.
  3. Get your free credit reports (every year) from annual credit report. Check for any accounts or charges you don’t recognize.
  4. Take advantage of the identity theft program currently offered by OPM.
  5. Create your own credit freeze.
  6. File taxes early every year.
  7. Request an IP PIN from the Internal Revenue Service (IRS) by completing form #14039. This is a similar approach to protecting your tax info as the credit freeze approach is to protecting your credit.
  8. Check out the Federal Trade Commission (FTC)  IDENTITY THEFT page.
  9. Request a new PIN from Thrift Savings Plan (TSP). You can change your PIN at any time. To do so, call the Thrift Line (1-TSP-YOU-FRST) enter your TSP account number and existing PIN. Follow the directions to change your PIN.

My best piece of advice is, don’t wait, take steps now to protect everything you have worked hard for!

The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual.

Randy Silvey is the published author of: “You FIRST, Federal Employees Retirement Guide,” one of the bestselling books of its kind on Amazon and Kindle. He has 14 years’ experience guiding feds to pursue a youthful and wealthy retirement. Randy can be reached at 816-524-515 or Silverlight’s website.
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. Securities offered through LPL Financial, member FINRA/SIPC.

Read all of Federal News Radio’s coverage of the OPM cyber breach.

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.