Email from OPM – is it the real deal?

Update (December 9, 2015): OPM discovered a second data breach that affects federal employees, contractors, and others. If you received a letter from OPM, please visit to learn more about what happened and to sign up for free identity protection services.

You just got an email saying your information was exposed in the OPM data breach. Wondering whether the email is the real deal or not? Here are a few things to look for:   

  • OPM will be sending most breach notifications by email between June 8 and June 19. The email will come from this address: If you get an email about the breach from a different address, then it’s a scam. Don’t click on any links or provide any personal information.
  • The real email from will include your name, your PIN, a button to “enroll now” and information about the CSID Protector Plus program. If you prefer, rather than clicking the “enroll now” button, you can go directly to CSID’s website to enter your PIN and enroll.  
  • Here’s what to expect on CSID’s website: First, they’ll ask for your PIN or the last four digits of your Social Security number to make sure you are who you say you are. Next, if you choose to enroll in CSID's services you’ll be asked to provide additional personal information. 
  • OPM will not call you about the breach. If you get a phone call saying it’s OPM, then it’s a scam. Don’t provide any personal information. CSID, not OPM, is making all contacts about this breach. The contacts will be by email or US mail, not by phone. 

If you’re still unsure whether the email you got is real, check OPM’s website for more information and updates. If you think you’ve been tricked by a phishing email or a fake call, then file a complaint with the FTC and forward the email to


Ms. Small, Is there a way to verify with the postal service that OPM paper letter came indeed from OPM, not from some masquerader?

Go to for the most current information.

The OPM site shows samples of the notification letters it sent to people affected by the data breaches.  As of 12/21/15, you can find the sample letters at

Went through the sign up with ID Experts but then could not login to their site. I was met with a statement boxed in red that said my identity could not be verified and gave the same phone # that was on the letter. I called there and after looking at my account was told it's because there is a credit freeze on my account. I told them that I had done a security freeze but that since I'm not applying for a loan it should not matter. They said that I would not be able to login to their site until the Transunion freeze was lifted PERMANENTLY.

That doesn't sound right!

Go to for the most current information. You'll find answers to many of your questions on the OPM site.

As of 12/22/15, the OPM site says that if you have a freeze on your credit report, you will not be able to complete the account creation process until the freeze is lifted. When you place a credit freeze, it restricts access to your credit report.

This FTC article explains more about credit freezes.

So if I go with a fraud alert, would that conflict with ID Experts?

If you have already enrolled and have questions or concerns about your post-enrollment services, you may call 800-750-3004.

Call them.

Just called them. I had to talk to a "credit specialist" because the run of the mill minion has no idea what they're doing. The specialist said that a fraud alert is as problematic to them as the freeze.

I'm not sure their service warrants lifting the freeze. What's better...catching the problem after it has started (credit monitoring) or stopping potential problems before they start (security freeze)?

I had signed up about one month ago, also feeling a little ill at the process OPM chose. I don't like the fact that OPM has two contractors to do security; CSID and myIDCare. Now I get ~monthly notices from each about all the sexual predators that are in the area. But have not received any other notices. I guess we'll find out in 2019 what OPM ineptitude has done to the country. Perhaps it is a good thing so many have security clearances that they never really needed.

I never worked or applied for a job with the government or a contractor but it says mine is related to the background investigation records. The only possible thing is that I worked for the airlines and they do a background investigation but that was in 1998! WTH isn't that information destroyed...I haven't even worked for the airlines for 10 years. This is just pure recklessness by a government that has billions of dollars to waste and send fake IRS return refunds to romance scammers and spy on us. But they can't purge out of date records they don't even need or protect us from this rampant cyber crime. This is absolutely outrageous.

Go to for the most current information. You'll find answers to many questions on the site.

The OPM site explains who may be affected by the background investigation records breach, and the earlier breach of personnel records.

You are highly likely to be affected if you underwent a background investigation through OPM in 2000 or afterwards.  It is less likely you were affected if you underwent a background investigation before 2000.

You may have been affected if you are a:

  • Current or former federal government employee
  • Member of the military, or veteran
  • Current or former federal contractor
  • Job candidate required to complete a background investigation before your start date
  • Spouse, co-habitant, minor child, close contact of any of the above groups

This is the MyIDCare page:

Do we get all this protection? There's 6 areas.

Is reissuing 21.5 million social security numbers a viable long-term fix?

I tried to sign up but the site required me to enter my full social security number - which I did. I attempted several times to sign up but I was unsuccessful. I then tried to phone but never reached anyone that way. Is there any other help provided directly by OPM by phone? Thanks again!

The verification center may be accessed through a link from the Cybersecurity Resource Center. Or, you may call 866-408-4555 Monday through Friday, between 9 a.m. and 9 p.m., Eastern Time, and ask to speak to an agent.

I was all set up to sign up for services on the MyIDCare website, until I read the Terms of Service. They are both outrageous and frightening. Not only does the company completely disavow any liability for damages caused by mistakes or negligence on their part, but it appears that the company is allowed to assert a claim against you (for any nebulous reason) and make you pay for their lawyers. That is a horrific financial liability that I cannot afford. Why has the government agreed to subject us to such dangerous and one-sided language? Such language is standard in software agreements ONLY because the consumer has no power to negotiate it. The government had such power and failed to exercise it. OPM has an absolute duty to go back to these companies and negotiate the user agreements so that they do not place the victims of this data breach at further risk.

For the same reason this hasn't been on the news much since June...the government wants to keep this quiet and doesn't want to raise a stink in negotiations so that people realize how much of a mess this country is really in.

OPM sends a letter in the mail to those who they have found to be compromised. I have one and so does my husband. Because of a security clearance he had to get. That being said everyone you put information about I would think would be affected as well like our children, family etc. I never got an email from OPM nor my husband so I would be suspect of any email period as I can not fathom how they would even have my email address other than the government email that I do not have just my personal one. I did get the protection they offered but after seeing so many complaints about the company used I had it cancelled. Can not trust anything anymore. I have just the fraud alert on the CRA and should be gtg. As far as I know they have not actively used any of the data stolen. What is concerning to me is perhaps the SS is not what they intended to get but the names and addresses of active personnel. I have honestly not read up on who took it or why but I think I will now. This is the second time MY information as a spouse has been stolen from government agencies. It is getting annoying now. Finger print data breached? Wow OPM should take some responsibility that they were so easily hacked of security information on active personnel. I hope nothing comes of it but of course they will say it's nothing to worry about right. I know of class actions forming on them. Wonder if they will be successful. The letter did not even at least say sorry haha.

Yeah I was going to do this after getting the letter but telling us to enter our entire SSN to register is ridiculous.

Why do they put this information on a computer that is connected to the internet? Is there a way to find out why they have a file on me? (Not a Federal Employee)

If you think your data might have been affected by the OPM breach, go to this OPM page for information.

I got a letter from them.

I enrolled, despite having to give all the info., and it saying no one would ask me for info, but I assume they mean someone contacting me other than via the enrollment screen.

I am not sure I should provide credit cards and bank accounts, are the banks liable for those anyway?

Hi. I received the letter in the mail from the OPM today. I was the victim of identity theft in early May of this year. At this point, I feel that I have little to lose by going ahead and using their services. Good for three years it says. We shall see. All the best to all of us that have been victims of identity theft.

I just received a letter this week, but it looks like the attacks happened a year ago! What is going on here? Is this real? Why am I being notified a year after the fact?

If the letter is from OPM, it should include information about who to call with questions.

You can go to OPM's cybersecurity page for more information.

So, it is now 12/09/16, and I have received another snailmail letter, purporting to be from OPM, citing my need to enroll in a new credit monitoring service, as they are changing from CSID. Is this legit? Lots of personal info required.

Go to the OPM website that you know is legitimate and search for information about credit monitoring service. See whether the real OPM site has information that agrees with the information you got in the letter.

I just received a letter from OPM with a new PIN for the new ID Expert company addressed to me on the outside but containing the name of a different person on the inside. Needless to say, the PIN doesn't work, but it is impossible to communicate with OPM about this matter. Has anyone else received a similar sort of communication? I have searched and searched, but it seems there is no way to communicate back to OPM. The phone numbers and website provide no solution.

