• Cullen and Dykman LLP Blogs

  • Archives

  • Federal Employees’ Personal Information Compromised by Data Breach

    In recent headlines, the Office of Personnel Management (“OPM”) has begun notifying millions of federal employees that it may have lost their personal information earlier this month in a data breach.

    The data breach occurred when hackers, who allegedly have ties to the Chinese government, compromised the computer system run by OPM and stole the personal information of up to 14 million government and military employees. The incident is believed to affect current and former federal personnel who have held federal civilian positions.

    This past weekend, U.S. personnel stationed in Japan began receiving notification emails informing them that their personal information may have been compromised. The agency “recently became aware of a cybersecurity incident affecting its systems and data that may have exposed your personal information” OPM Chief Information Officer Donna K. Seymour stated in the emails. Compromised data may include people’s names, social security numbers, dates and places of birth and current or former addresses.

    In an attempt to mitigate the potential consequences of the data breach, OPM is offering credit monitoring services and identity theft insurance through CSID, an identity theft protection and fraud resolution company. According to Seymour, anyone affected by the breach will receive a complimentary 18-month subscription to CSID Protector Plus, a service that monitors the Internet and public records for evidence of identity theft. Additionally, anyone affected by the breach will receive $1 million of identity-theft insurance up until December 7, 2016.

    Although OPM’s notifications are beneficial because it makes potential victims aware of the situation, there are also some risks. Hackers and identity thieves can also take advantage of OPM’s notifications by impersonating OPM personnel to obtain information from already affected individuals. To reflect this concern, Seymour made it clear that OPM and any company affiliated with it will not contact any affected individuals to confirm personal information.

    In sum, although there have been many attempts to increase cyber security, data breaches remain prevalent. These cyber-attacks can happen to anyone, such as individuals, businesses and even government employees. To be on the safe side, employers are encouraged to review their Internet security policies and hone in on the risk factors that make them vulnerable to Internet hackers. Businesses should also continue to improve the strength of their data security systems and take any additional steps to protect corporate databases to limit vulnerability.

    If you or your institution has any questions or concerns regarding cyber security related issues, please email Cynthia A. Augello at caugello@cullenanddykman.com or call her at (516) 357-3753.

    A special thank you to Lauren Dwarika, a law clerk at Cullen and Dykman LLP, for her assistance with this blog post.