The federal government will be notifying 4 million employees as it works to get a handle on a cyber security incident that reportedly could have affected multiple agencies.
The U.S. Office of Personnel Management late Thursday said it “recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former federal employees.”
Notices will be sent, starting on June 8, to about 4 million individuals who may have had their personally identifiable information stolen by a cyber attack—found in April as the agency updated its cybersecurity position. A news release does not indicate the exact timing of the breach or how long the hacker or hackers were in the office’s system.
“Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel,” said OPM, in a statement. “And OPM immediately implemented additional security measures to protect the sensitive information it manages.”
According to reports, other federal agencies were also hacked, including the Interior Department. Sources tell various news organizations that it is possible every federal agency was hacked, with some reports attributing the attack to China.
OPM posts federal job openings, conducts background checks and security clearances, manages pension benefits for retired employees, administers health insurance and other insurance programs to employees, and provides training and development programs for employees and government agencies.
The office said it is offering credit monitoring, credit report access, and identity theft insurance services with a fraud-detection company called CSID. An 18-month membership includes credit monitoring and $1 million in identity theft protection services at no cost.
“Since the investigation is on-going, additional PII exposures may come to light; in that case, OPM will conduct additional notifications as necessary,” OPM said.
Added OPM Director Katherine Archuleta: “Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM. We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”