The Office of Personnel Management hopes a website refresh makes it easier for people impacted by last year’s cyber breaches to obtain information and answers.
In a letter to current and former federal employees involved in the hack, OPM acting Director Beth Cobert directs them to review the updated frequently asked questions section.
“The updated site includes new information as well as information we’re providing as a result of questions and feedback we have received from those who have visited the site,” Cobert said.
The site highlights six overarching categories related to the breach. The titles are:
About the impacted information
Who has been impacted
Getting notified if your data was compromised
Protecting your identity
What’s being done to strengthen cybersecurity
Within those categories is more specific information for people who have questions about the hacks and what to do if their personally identifiable information (PII) was stolen and what to do to protect themselves in the future.
The website update “was designed to streamline the content, make it more user friendly and to include all of the progress our cybersecurity team has made to secure our systems over the last year,” an OPM spokesman told Federal News Radio in an email.
Cobert said OPM completed notifying the more than 21 million victims of the breaches through initial notification letters. About 10 percent of the letters were returned due to incorrect or changed addresses.
“We have worked to get updated addresses for those whose letters were returned and we are now remailing letters to those who did not receive their original notification letter for the background investigation records incident,” Cobert said “The letter being mailed will clearly state at the top that it is a duplicate of the letter previously sent, but not successfully delivered.”
The OPM spokesman said that contrary to other media reports, neither the scope of the impacted individuals nor the definition of impact has been changed.
Cobert also highlighted that OPM is making “steady progress” implementing the fiscal 2016 Consolidated Appropriations Act, which includes upping the length and amount of insurance coverage for hack victims.
“You will be pleased to learn that OPM has increased the amount of identity theft insurance provided to those impacted by the cyber incidents involving personnel records or background investigations records from $1 million to $5 million,” Cobert said. “This increase was put into effect on June 1, and impacted individuals do not have to do anything to be covered by this increase. In addition to increasing the identity theft insurance coverage, OPM is continuing to work on extending credit monitoring and identity protection services to those impacted by either incident for a period of not less than 10 years. We will share additional information later this year.”
Cobert also took time in her letter to reiterate the importance of staying vigilant when it comes to cyber hygiene.
“In the increasingly complex electronic environment in which we operate, it’s up to each one of us to be on guard against malicious actors and to protect the security of the technology we use every day,” Cobert said. “From regularly updating your passwords to being aware of phishing email scams, there are actions we can each take to protect ourselves from cyber intrusions.”
About 21.5 million current and former federal employees and some of their family members were victims of the two OPM data breaches last year.
The first breach impacted about 4.2 million people and their PII, while the second breach reached the background information form submitted by intelligence and military personnel for security clearances.
About 2.7 million people in that larger group — or 11.36 percent — have enrolled in free identity protection services provided by ID Experts, according to the latest data from the agency.
Winvale CEO Kevin Lancaster told Federal News Radio that the enrollment rate for current and former employees impacted by the first breach is 25.37 percent, or roughly a quarter of the original 4.2 million people affected by the first breach of PII.