The government may be spending $20 million on fraud protection following last week’s Office of Personnel Management hack, but potential victims should consider taking additional steps to protect themselves.
According to OPM, the hack affects current and former federal civilian personnel and data stolen may include names, Social Security Numbers, dates and places of birth, and current and former addresses.
Stay informed—and prepare for the worst
The Washington Post and many other sources are reporting the thieves may have gained access to SF (Standard Form) 86 documents, which contain far more personal information than the OPM has announced. However, reporting on this is still unclear and may not be accurate.
If you haven’t received a letter yet from the Office of Personnel Management and you are a current or former federal employee, the safest bet is to prepare for the worst-case scenario.
Beware of phishing & phony communications
Cybertheives may try to use the personal information they’ve acquired to craft personalized “spear-phishing” emails—perhaps from people or organizations you know. Verify any emails you receive by checking the sender’s name and address with the information you’ve used in the past—or, ask them directly via trusted phone numbers or emails so you can ensure they are the real senders.
Exercise caution with sensitive information
Generally good advice to live by: don’t send any financial or account information via email—especially usernames and passwords.
Also, when entering sensitive information into any website, ensure the URL has “https://” in front, not just “http://”
Watch your credit
If your social security number is ever stolen, it’s possible someone may try to open financial accounts in your name, which can impact your credit. The best way to check is to get your credit report—and keep checking it periodically. The Federal Credit Reporting Act mandates credit reporting companies to provide free credit reports to you annually, at your request. View your report annualcreditreport.com or call 1-877-322-8228.
Consider placing a fraud alert on your credit file. This will notify creditors to contact you before opening new accounts. Call or go online to set up the alert:
If you want to go a step further for peace of mind, consider setting up a credit freeze. This will lock down your credit report and prevent new accounts from being opened in your name until you lift the freeze yourself (which costs a fee—$10 in some states). A security freeze does not stop misuse by a thief of your existing bank or credit accounts, so be sure to continue checking all monthly statements for erroneous activity.
Also—try to file your taxes early next year before the thief gets a chance to do it for you.
Get new accounts
The Federal Trade Commission is recommending victims to contact their banks or credit card companies to cancel their cards or close their bank accounts and request new account numbers. Change usernames and passwords, and if you can’t access the account, ask for it to be shut down.
If you know anyone who could potentially be affected by the OPM hack, inform them about the steps they need to take to protect themselves. Additionally, consider warning your friends, family and acquaintances to follow these steps if you believe their information may be in your potentially compromised background investigation files. Even though the extent of the breach is still unclear—it doesn’t hurt to take extra precautions.