OPM data breach – what should you do?

Update (December 9, 2015): OPM discovered a second data breach that affects federal employees, contractors, and others. If you received a letter from OPM, please visit opm.gov/cybersecurity to learn more about what happened and to sign up for free identity protection services.

A data breach at the Office of Personnel Management (OPM) – and you’re a current or former federal employee whose personal information may have been exposed. What should you do? Take a deep breath. Here are the steps to take. 

First Steps

  • Check your credit report at annualcreditreport.com. Look for accounts or charges you don’t recognize. Even if the breach didn’t involve credit card information, thieves may use your Social Security number, address and date of birth to open accounts in your name.
  • OPM announced that it plans to offer credit report access, credit monitoring, and identity theft insurance and recovery services to potentially affected individuals. Take advantage of this offer.
  • Place a fraud alert on your credit reports. With a fraud alert, businesses must verify your identity before providing new credit. An initial fraud alert lasts 90 days but you can renew it.    

Next Steps

If your information was exposed, then OPM will send you a letter explaining what information was involved. Your next steps depend on the type of information exposed:

Social Security number

  • Consider placing a credit freeze. Why? Thieves can use your Social Security number to open new accounts. With a credit freeze, no one can open a new account in your name (until you lift the freeze).
  • Next year, try to file your taxes early – before a scammer can. Once your Social Security number is exposed, a thief can use it to get your tax refund.

Bank account, credit card, or debit card information

  • Contact your bank or credit card company to cancel your card or close your bank account. Request a new account number.
  • If you have automatic payments, update them with your new account number.
  • Review your transactions regularly to make sure no one has misused the account.

 Online login or password

  • Log into the account to change your username or password. If you can’t login, then ask to shut down the account.
  • If you use the same password elsewhere, change that too.

For updates about the breach, check OPM’s website. For more information about what to do after a data breach, and a handy checklist of steps, visit Identitytheft.gov/databreach.

Remember to continue checking your credit report at annualcreditreport.com, in case information is misused in the future. You can order a free report from each of the three credit reporting agencies once a year.

If you discover that someone is misusing your information, you’ll need to take additional steps, including filing a complaint with the FTC. IdentityTheft.gov walks you through those steps – because recovering from identity theft is easier with a plan.   


Is this impacting retirees and recipients of death benefits?

Former federal employees could be affected. OPM's website says that beginning on Jun 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals that could be affected by the breach.

How do I delete my idcare account I think its all fraud how do I delete

MyIDCare is what is being used to protect you, it is not fraud.

MeDIcare is an OPM company the same folks that are responsible for the breach

I'm still USMC wife of 13yrs, & I'm a Former Goverment Contractor X's 2 @ a Naval Hosp Fam Med & did the fingerprint(2002-2005 & 2008-2009), then moved onto the Taxpayer Advocacy Panel w/in the IRS/Dept of Treasury; got another OMB No. Sec Clearance.

Here's my issues: I get this letter, thinking it was my husbands this time. (Note: I have been dealing w/every type of fraud since 2005 & I've been hit 18 times, since before this letter.) Now, I call & I set it all this up, thru IDCare, BAM!! They call me, "Mrs. X, your email address, do u not know"? ... You have to have a "Special Pin #", you should have been getting a lot of notices that all your personal information, banking and financial services and medical and more were compromised back around 2003-2004."

"Excuse me"?? I tell them about my cell that was sent to me UN-ReStored & no one will take the blame for it, all the bank charges of fraud & wont pay back, how many yrs I have worked on this, the Government saying no ur SS# safe, when I had to prove I owned it & I have was me in 2005?? I just want to know bc I'm so tired of filing who @ the OPM is personally responsible for not notifying me? My husband is Active Duty, I'm EFMP, their in the same building, or so I heard... Who is going to fix our credit, make the banks, credit card Companies pay us back? Honestly, How many years was I not contacted about this lack of communication & w/my diagnosis's I don't have the energy Renal disease takes it all out of you. Help us plz

If you enrolled in identity protection services after your information was involved in a data breach, you can ask the service to help you respond to problems with your accounts.

You could go to IdentityTheft.gov to report identity theft and get a personal plan to help you respond to problems. You can list the accounts that were affected, and get a checklist of steps to take to respond to problems. You can also get an Identity Theft affidavit and prefilled letters and forms to send to companies and creditors when you report identity theft.

Yes, I have done all that, however, yet nothing is being done to me. Matter of fact I've found that my medical records are missing several years & that I'm still doing everything on my own. Plus I have been informed by DMV, which wouldn't give me any proof, that my SS# & more has been used in other states for DL. I can't make a police report on word of mouth, I have to have written proof for anything to stick. Ty

Pervasively hacked for 5+years by example. Did all the required reports. It ruined my life and not one agency or company did a thing. I have evidence and am informed by very knowledgeable skilled persons that what is being used to illegally cyberstalk me is technologies that the government should be interested in as it is beyond what is being seen but im only a person so nothing. Hopefully I can get a volunteer group to take my case.

Please advise if records included previous employment prior to 2000. Recent credit report denotes identity theft has been displayed. Will contact Bank.


Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.