OPM data breach – what should you do?
Update (December 9, 2015): OPM discovered a second data breach that affects federal employees, contractors, and others. If you received a letter from OPM, please visit opm.gov/cybersecurity to learn more about what happened and to sign up for free identity protection services.
A data breach at the Office of Personnel Management (OPM) – and you’re a current or former federal employee whose personal information may have been exposed. What should you do? Take a deep breath. Here are the steps to take.
- Check your credit report at annualcreditreport.com. Look for accounts or charges you don’t recognize. Even if the breach didn’t involve credit card information, thieves may use your Social Security number, address and date of birth to open accounts in your name.
- OPM announced that it plans to offer credit report access, credit monitoring, and identity theft insurance and recovery services to potentially affected individuals. Take advantage of this offer.
- Place a fraud alert on your credit reports. With a fraud alert, businesses must verify your identity before providing new credit. An initial fraud alert lasts 90 days but you can renew it.
If your information was exposed, then OPM will send you a letter explaining what information was involved. Your next steps depend on the type of information exposed:
Social Security number
- Consider placing a credit freeze. Why? Thieves can use your Social Security number to open new accounts. With a credit freeze, no one can open a new account in your name (until you lift the freeze).
- Next year, try to file your taxes early – before a scammer can. Once your Social Security number is exposed, a thief can use it to get your tax refund.
Bank account, credit card, or debit card information
- Contact your bank or credit card company to cancel your card or close your bank account. Request a new account number.
- If you have automatic payments, update them with your new account number.
- Review your transactions regularly to make sure no one has misused the account.
Online login or password
- Log into the account to change your username or password. If you can’t login, then ask to shut down the account.
- If you use the same password elsewhere, change that too.
Remember to continue checking your credit report at annualcreditreport.com, in case information is misused in the future. You can order a free report from each of the three credit reporting agencies once a year.
If you discover that someone is misusing your information, you’ll need to take additional steps, including filing a complaint with the FTC. IdentityTheft.gov walks you through those steps – because recovering from identity theft is easier with a plan.