AFSA is diligently following the ongoing issue related to the June 4 revelation that the Office of Personnel Management (OPM) suffered a cybersecurity incident affecting its systems and data. The Personally Identifiable Information (PII) of many current and former federal employees at the foreign affairs agencies have been exposed as a result of this breach. Most current, former and prospective federal employees at ALL foreign affairs agencies have been affected by this breach. That includes the State Department, USAID, FCS, FAS, BBG and APHIS. OPM discovered a second breach late on June 12 which indicates that any current, former or prospective employee for whom a background investigation has been conducted is affected.

General Information

• Information About OPM Cybersecurity Incidents (please note that these pages will be updated periodically):
  • Cybersecurity Incidents
  • Recent Updates
  • Frequently Asked Questions
  • Stay Informed
• If OPM's records indicate your fingerprints were not compromised, your notification letter will look like this (PDF file).
• If OPM's records indicate your fingerprints were compromised, your notification letter will look like this (PDF file).
• If the government has determined that you were not impacted, your notification letter will look like this (PDF file).
• The Office of the Director of National Intelligence’s (ODNI's) National Counterintelligence and Security Center (NCSC) provides tips and guidance on how to protect your personal information from being exploited by cyber criminals and foreign intelligence services. They have videos and other helpful resources available on their website: http://www.ncsc.gov/.

Most Recent Updates

• Message from Beth Cobert, OPM Acting Director (June 27, 2016)
• Message from Beth Cobert, OPM Acting Director (June 24, 2016)
• New Questions About OPM's Data Breach Response (Washington Post, May 26, 2016)
• OPM Breaches Still Resonating (FEDweek, March 16, 2016)
• President's 2017 Budget Includes Significant Investments to Enhance OPM’s Cybersecurity and Customer Service (February 9, 2016)
• OPM Updates Status of Cyber Breach Services (FEDweek, January 27, 2016)
• Extended Services Still a Work in Progress (FEDweek, January 27, 2016)
• Closing the Cybersecurity Skills Gap (January 20, 2016)
• E-mail from Beth Cobert, OPM Acting Director (January 15, 2016)
• E-mail from Beth Cobert, OPM Acting Director (December 18, 2015)
• OPM Completes Initial Mailing of Notification Letters to Individuals Impacted by the Theft of Background Investigation Records (OPM Press Release, December 11, 2015)
• Clearance Breach Notices Wrapping Up (FEDweek, December 2, 2015)
• E-mail from Beth Cobert, OPM Acting Director (December 1, 2015)
• OPM Teleconference on OPM Data Breach (December 1, 2015)
• November 12, 2015: If you received THIS EMAIL from OPM, AFSA has verified that it is legitimate.
• Expanded Identity Protection Still Under Consideration (FEDweek, November 11, 2015)
• OPM Hires New Cyber Advisor (November 4, 2015)
• Update from Under Secretary of State for Management Patrick Kennedy (November 3, 2015)
• OPM Notifies 3.7 Million Hack Victims of Data Protection Services (Federal News Radio, October 28, 2015)
• Update from Acting OPM Adminstrator Beth Cobert: Notices Being Sent to the 21.5 Million Affected in Second Breach (September 30, 2015)
• OPM Now Says 5.6 Million Fingerprints Stolen (Roll Call, September 23, 2015)
• Notices of Identity Theft Services Coming Soon, OPM Says (FEDweek, September 16, 2015)
• Update from Under Secretary for Management Patrick Kennedy (September 8, 2015)
• OPM, DoD Announce Identity Theft Protection and Credit Monitoring Contract: Victims of Cybercrime to Receive Three Years of Services (September 1, 2015)
• Update from Under Secretary for Management Patrick Kennedy (August 19, 2015)
• AFSA Letter to Acting OPM Director Beth Cobert (August 9, 2015)
• Congressional Research Service Report on the OPM Data Breach (July 24, 2015)
• AFSA Update, July 24
• Notice to USAID Employees (July 16, 2015)
• Update from Under Secretary for Management Patrick Kennedy (July 15, 2015)
• Cardin, Mikulski, Warner, Kaine Call for Stronger Protections for the Millions Affected by the Recent OPM Data Breaches (July 9, 2015)
• Update from Under Secretary for Management Patrick Kennedy (July 9, 2015)
• FACT SHEET: Administration Cybersecurity Efforts 2015 (July 9, 2015)
• New Information about Background Investigation Cyberintrusion (July 9, 2015)
• OPM Announces Steps to Protect Federal Workers and Others From Cyber Threats (July 9, 2015)
• OPM Announces Results of Investigation - 25 Million Federal Employees Affected (July 9, 2015)
• OPM Update on the Cyberintrusion Investigation (July 4, 2015)
• AFSA Letter sent in conjunction with the Federal-Postal Coalition (June 25, 2015)
• OPM Cybersecurity Action Report (June 2015)
• AFSA Letter to OPM Director Katherine Archuleta on Data Breach (June 22, 2015)
• OPM Frequently Asked Questions
• How OPM Is Tackling Cybercrime
• Update from Under Secretary for Management Patrick Kennedy (June 29, 2015)

OPM is sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. All the foreign affairs agencies suggest that those affected should contact the firm listed below. Members of the Foreign Commercial Service may additionally contact Commerce's Office of Information Security at informationsecurity@doc.gov.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It's possible that malicious groups may leverage this event to launch phishing attacks.  To protect yourself, we encourage you to check the following:

1. Make sure the sender email address is "opmcio@csid.com".
2. The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.
3. The email subject should be exactly "Important Message from the U.S. Office of Personnel Management CIO".
4. Do not click on the included link.
   
   1. Instead, record the provided PIN code, open a web browser then manually type the URL http://www.csid.com/opm into the address bar and press enter. You can then use the provided instructions to enroll using CSID's Web portal.
5. The email should not contain any attachments. If it does, do not open them.
6. The email should not contain any requests for additional personal information.
7. The official email should look like this sample screenshot. (Not all of them will look exactly like that email.)

OPM has confirmed there are multiple formats of the email notification coming from CSID. You should not be concerned if you received a notification that does not look exactly like the sample linked above. Legitimate emails will have the four following characteristics:

1. All email notifications will come from: opmcio@csid.com .
2. All email notifications will contain a complex pin number.
3. They will NOT necessarily contain the clickable “enroll” button.
4. They will be signed by the Office of Personal Management.

Additional information has been made available on the company’s website, www.csid.com/opm, and by calling toll-free (844) 777-2743 or (844) 222-2743 (International callers: call collect 512-327-0705).

Regardless of whether or not you receive this notification, employees should take extra care to ensure that they are following recommended cyber and personal security procedures. If you suspect that you have received a phishing attack, contact your agency’s security office. 

In general, government employees are often frequent targets of “phishing” attacks, which are surreptitious approaches to stealing your identity, accessing official computer systems, running up bills in your name, or even committing crimes using your identity. Phishing schemes use email or websites to trick you into disclosing personal and sensitive information.

Steps for Monitoring Your Identity and Financial Information

• Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
• Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228.  Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax^®, Experian^®, and TransUnion^® – for a total of three reports every year.  Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.
• Review resources provided on the FTC identity theft website, www.Identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
• You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion^® at 1-800-680-7289 to place this alert. TransUnion^® will then notify the other two credit bureaus on your behalf.

Precautions to Help You Avoid Becoming a Victim

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Do not send sensitive information over the Internet before checking a website’s security (for more information, see Protecting Your Privacy at http://www.us-cert.gov/ncas/tips/ST04-013.
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
• Employees should take steps to monitor their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
• Additional information about preventative steps by consulting the Federal Trade Commission’s website, www.consumer.gov/idtheft. The FTC also encourages those who discover that their information has been misused to file a complaint with the commission using the contact information below.

Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580

https://www.identitytheft.gov/

1-877-IDTHEFT (438-4338)

TDD: 1-202-326-2502

Agency-Specific Points of Contact:

If you have additional questions, we invite you to contact AFSA's constituency vice presidents and representatives:

• State: Angie Bryan
• USAID: Sharon Wayne
• FCS: Steve Morrison
• FAS: Mark Petry
• BBG: (currently vacant)
• APHIS: Mark Prescott
• Retirees: Tom Boyatt

This page was last updated on 5/26/16.