Slashdot Mirror


Government Still Hasn't Notified Individuals Whose Personal Data Was Hacked

schwit1 writes: Months after the federal government admitted publicly that the personal data of more than 20 million government employees had been hacked, they still have not sent notifications to those millions. The agency whose data was hacked, the Office of Personnel Management (OPM), said the Defense Department will begin "later this month" to notify employees and contractors across the government that their personal information was accessed by hackers. OPM said notifications would continue over several weeks and "will be sent directly to impacted individuals." OPM also announced that it hired a contractor to help protect the identities and credit ratings of employees whose data was hacked. In a statement, OPM said it had awarded a contract initially worth more than $133 million to a company called Identity Theft Guard Solutions LLC, doing business as ID experts, for identity theft protections for the 21.5 million victims of the security data breach. The contractor will provide credit and identity monitoring services for three years, as well as identity theft insurance, to affected individuals and dependent children aged under 18, the agency said.

71 comments

  1. Better Tell by Anonymous Coward · · Score: 0

    Me Now!

  2. Assume it's all out there. by trout007 · · Score: 5, Insightful

    We had some idiot in our HR department of a US Government Agency with everyone's personal information on their unencrypted laptop. Of course they left it in the back seat of their car and it was stolen. Nobody fired or demoted.

    We also had our IT department send out an e-mail from a fake IP saying to follow a link to test the strength of your password. Something like 35% of the people fell for it.

    Meanwhile I can't get the software I need to perform the work I am hired to do because I have so much crap running in the background of my machine that it's completely unstable.

    --
    I love Jesus, except for his foreign policy.
    1. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      We also had our IT department send out an e-mail from a fake IP saying to follow a link to test the strength of your password. Something like 35% of the people fell for it.

      A fake IP? Fake website, perhaps?

      Not sure what kind of a response your IT department expected with a fake IP when using TCP.

    2. Re:Assume it's all out there. by Ol+Olsoc · · Score: 1

      Of course they left it in the back seat of their car and it was stolen. Nobody fired or demoted.

      and

      Meanwhile I can't get the software I need to perform the work I am hired to do because I have so much crap running in the background of my machine that it's completely unstable.

      Anytime, anywhere, anything like this happens, the people who had nothing at all to do with it are the ones that get punished.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Assume it's all out there. by Anonymous Coward · · Score: 1

      Devil's advocate:

      The problem with government is that it is perceived as uncool to work for, so all the top notch IT talent is either gone or surrounded by people less experienced that make the decisions. Contractors can help... but to someone who isn't versed in the industry, how can one tell a security contractor who knows their stuff, versus a lot of "suit wearing chatter monkeys". Try hiring another contractor to check the work of the first, and you run into collusion issues.

      Then add the fact that hiring legions of H-1Bs is very cheap (so much that it is often a requirement for a contract since it "saves money"), and one gets these horror stories, either due to cluelessness, or the fact that the data can be sold back home for a good price.

      What really needs to happen in government is a giant enema. Start with the agencies who know what they are doing, let them oversee the rebuilding of IT structures of more problematic agencies.

      OPM data needs to have its own classification. It should not be SBU or just PII, but at least with restrictions where only US citizens can maintain it (access is another story and a different ballgame, but the people keeping the data and backing it up shouldn't be the people fresh off the lowest bidder's boat.)

      There are other items as well. Laptops, workstations, even SANs should be covered under DAR regulations [1]. There are many other regulations that come with FISMA that, had they been heeded, would not have allowed this breach to happen.

      The core of the matter is that with the current contractor system we have now, the buck stops with nobody, and there is always a finger that can be pointed to somewhere else. It either needs to go back to personal responsibility, or go to direct government employees.

      [1]: This is very brain dead simple. BitLocker is extremely easy to use. Encrypting tapes is easy as well -- just set a password [2]. All new SANs have self encrypting drives. Even Windows Server 2016

      [2]: Yes, there are appliances like what some companies sell which give each tape its own key [3]... but for almost everyone, just setting a password across all devices on a silo and perhaps changing it every fiscal year is good enough, and will ensure a tape that falls off the Iron Maiden truck won't be a major compromise.

      [3]: Of course, backing up those appliances is hard... want a backup? Buy another appliance and replicate. Want to back that up? Buy yet another to have the keys replicate. Complete site outage? Buy another appliance and have that replicate offsite.

    4. Re:Assume it's all out there. by bitingduck · · Score: 1

      Well it's worse now.

      It wasn't clear if that laptop had all the content of the SF-85/85P/86 forms, I don't think they admitted to it being more than the information they used as default passwords for the eQIP system plus basic ID information of who they belonged to. The OPM breach is the complete contents of the forms that everyone filled out since 2000, plus all the investigation data (not much if you're an SF-85, but potentially quite a lot if you're an SF-86). And they had such poor security that they pretty much gave it all away.

    5. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      We had some idiot in our HR department of a US Government Agency with everyone's personal information on their unencrypted laptop. Of course they left it in the back seat of their car and it was stolen. Nobody fired or demoted.

      We also had our IT department send out an e-mail from a fake IP saying to follow a link to test the strength of your password. Something like 35% of the people fell for it.

      Meanwhile I can't get the software I need to perform the work I am hired to do because I have so much crap running in the background of my machine that it's completely unstable.

      Preach it brother.. I completely understand. NMCI has so much $!%^ on it I can hardly access email let alone anything else and don't get me started on the requirements for even a stand alone network in terms of crapware you have to have.... and yet it's ok that OPM has F$%^KED us all once again....

    6. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      What really needs to happen in government is a giant enema.

      Which the Republicans will never allow because then it would screw up their "government can't do anything right" mantra and spoil their plans to outsource everything to private contracting companies that don't do much better but makes them rich skimming off the top, legally.

      just setting a password across all devices

      And never logging into it from Windows 10 (or presumably, 7 or 8 with "telemetry") since Microsoft has specifically stated that your keystrokes are sent to them for "safekeeping" (whoops, they make no claim they keep it safe).

      replicate

      Replication isn't a backup, it's redundancy. A virus (or mistake) eats your file? Now it's eaten it in triplicate.

    7. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      You wrote:
      The problem with government is that it is perceived as uncool to work for, so all the top notch IT talent is either gone or surrounded by people less experienced that make the decisions. Contractors can help... but to someone who isn't versed in the industry, how can one tell a security contractor who knows their stuff, versus a lot of "suit wearing chatter monkeys". Try hiring another contractor to check the work of the first, and you run into collusion issues.

      To which I reply, bullshit. I work for a federal contractor. Most of the folks I work with, contractor and fed alike, are better than you are. Meanwhile, let's talk about how "great" business is... like the mid-nineties, when I worked for Ameritech, then one of the Baby Bells, where I was in a startup division that was going to be their entry in the long distance service sweepstakes. I worked there with some of the best and brightest... and after two years, insane hours (I will *never* work over 70 hours/week again), and three quarters of a BILLION DOLLARS, they decided to shut it down, it was too much trouble or some such.

      Upper management everywhere: overwhelmingly, they don't get it, but don't let that worry them.

                          mark

    8. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      I'm one of those whose data was stolen in the breach. I haven't been contacted, but I know the parameters and I fit them. Luckily I am a very small fish in a very large pond and so will probably only be the target of run-of-the-mill criminals trying to open bank accounts in my name, etc.

      From here on I'm just assuming all my data, for my whole life, that I do not personally control, will always be compromised. I can only trust data which I encrypt and store myself.

      Unfortunately I think you are correct. Assume your data is loose in the wild and plan accordingly. There is no security but obscurity.

    9. Re:Assume it's all out there. by Anonymous Coward · · Score: 0

      similar - and an HR wienie with an unencrypted DB on his PC. He got phished. He had approval from CIO for the DB but it was the CISO that took the hit.

    10. Re:Assume it's all out there. by trout007 · · Score: 1

      Right. Not sure what the right term is. The link text looked legit but if you looked at the link itself it was something else. Here is the link
      http://passwordtest.it-securit...

      --
      I love Jesus, except for his foreign policy.
    11. Re:Assume it's all out there. by antdude · · Score: 1

      Do you have access to disable and uninstall them?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  3. Identity theft insurance by Anonymous Coward · · Score: 0

    It doesn't cover the stress of when someone files taxes in your name.

    Or an illegal alien uses your ID to get employment and as ID when they get arrested.

    Or when someone uses your ID to take out a bunch of credit and run off.

    Or use your ID to get medical care.

    And lastly, there's the stress of dealing with a fucking insurance company that is going to make YOU do all the work and jump through all the hoops to get a claim paid.

    Do not pass GO, SUE SUE SUE!

    1. Re:Identity theft insurance by jimbolauski · · Score: 2

      The good news is that data from the OPM hack has not been spotted for sale, this is likely because the OPM data is being used by the Chinese for espionage. The Chinese don't want your identity they want to know how they can approach you to get classified information.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    2. Re: Identity theft insurance by Anonymous Coward · · Score: 0

      Unless they someday want to distract every American with a clearance all at once...

  4. Identity theft? Try blackmail mitigation instead.. by burtosis · · Score: 3, Insightful

    Given this OPM hack along with Ashley Madison and other cross correlating data that's been hacked, I'd assume the bigger threat is blackmail here. Sadly data security, even on sensitive military databases, is neglected and not even up to the crappy standards of many businesses.

  5. If one refuses to be proactive ... by Anonymous Coward · · Score: 0

    ... then don't blame the government, or anyone else

    If I ever did any job for the government, or anything that could somehow put my name in a 'government employee / contractor list' somewhere, I will take all the precautions I can think of, without having to be told

    This is the reality of the world we live in today - if you truly want to be hack-proof ... don't get your name, your photo, or anything that has anything to related to you, online - or even in a database, anywhere

    1. Re:If one refuses to be proactive ... by Ol+Olsoc · · Score: 2

      .. don't get your name, your photo, or anything that has anything to related to you, online - or even in a database, anywhere

      Better move to Idaho, and build a compound. Oh wait - you'll still be in someone's database.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. They hired a low bid contractor! by plopez · · Score: 1

    I feel so much better now. Because we all know the private sector is so good at security. And their diligent employees never walk out the door with sensitive information.

    --
    putting the 'B' in LGBTQ+
    1. Re:They hired a low bid contractor! by Anonymous Coward · · Score: 0

      You do realize you're posting in response to a story about the public sector in one of the largest, most sensitive data breaches ever.... right?

      This isn't credit card data we're talking about here, this is just about all the information you can get on someone.

    2. Re:They hired a low bid contractor! by plopez · · Score: 1

      Yes I do. And if you think you haven't lost SSN; or the equivalent in your country; age, sex, address, and other information from banks, retailers and other companies you are naive.

      --
      putting the 'B' in LGBTQ+
    3. Re:They hired a low bid contractor! by bitingduck · · Score: 1

      This isn't credit card data we're talking about here, this is just about all the information you can get on someone.

      And has been collated and verified through alternate sources. It's not like you can give a bunch of fake information every time you renew your access (security clearance or otherwise) - they check it against what they already have and what they get from other agencies and your references and follow up if there are significant changes/differences.

    4. Re:They hired a low bid contractor! by bitingduck · · Score: 1

      Yes I do. And if you think you haven't lost SSN; or the equivalent in your country; age, sex, address, and other information from banks, retailers and other companies you are naive.

      The OPM breach is a whole lot more than that for anybody with a clearance. It includes lists of friends, neighbors, associates, their contact information, things that they know about you that may not be in any database, how long they've known you, plus financial information, in some cases medical information, all neatly collated and verified for millions of people.

    5. Re:They hired a low bid contractor! by Spazmania · · Score: 3, Insightful

      You've never filled out an SF86, have you? No one else has that much information about you all in one file. Not even your relatives. A private investigator could get most of it, but it would be expensive to track down.

      No one else except the Chinese apparently. :(

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    6. Re:They hired a low bid contractor! by plopez · · Score: 0

      Yes I have, I doubtless have been compromised. I have also applied for a loan, filled out medical forms, registered to vote, registered a motor vehicle etc. There is nothing on the form my employer does NOT have. My employer has work history, next of kin, passport number, proof of citizenship, residence information, reference, military service, and medical information via our health plans.

      Not too much of a difference these days that I can see. Except in the case of the government you, at least theoretically, have Constitutional protections.

      --
      putting the 'B' in LGBTQ+
    7. Re:They hired a low bid contractor! by bitingduck · · Score: 1

      Not too much of a difference these days that I can see. Except in the case of the government you, at least theoretically, have Constitutional protections.

      The SC has said very little about privacy in the last many decades, but the basic principle is that you have no right to privacy for information that has ever been shared with anyone else. So you have no constitutional protections. You have some *very* weak protections through the privacy act. Depending on what state you live in, you likely have more legal protection in the case of data breaches at private companies.

  7. Follow the $ by rfengr · · Score: 2

    Delayed long enough for OPM bureaucrats to retire and form Identity Theft Guard Solutions LLC to make bank?

  8. Will notifications make it worse by Anonymous Coward · · Score: 0

    What if they mail the notification to an old address?

    1. Re:Will notifications make it worse by bitingduck · · Score: 1

      They should just contract with whoever boosted the data - they have everything they need to verify that they've contacted the correct people and probably have more interest in knowing your current address than OPM does.

  9. Need legislation to fix ID theft NOW by PeterM+from+Berkeley · · Score: 4, Insightful

    The fact that ID theft is a problem for consumers is mostly CROCK.

    Why should lenders be allowed to commit libel WITH IMPUNITY against innocent consumers?

    It is THEIR fault they didn't bother doing MINIMUM DUE DILIGENCE before loaning someone money!

    What kind of IDIOT gives out money without VERIFYING who they are giving it to? Does ANYONE think that a SSN and DoB are "verification" of identity?

    Companies and people should NOT be able to use credit reporting agencies to libel someone whose identity they haven't positively established with IMPUNITY.

    Congress should IMMEDIATELY pass a law that if a lender can't provide POSITIVE PROOF that the person whose reputation they are trashing is in fact the SELF SAME person who they loaned money to, they should not be allowed to:

    1) Put ANY adverse information in their credit report
    2) Make ANY attempt to continue collection after the person asserts ONCE that he wasn't the person they loaned the money to

    It should NEVER have been allowed that lenders get a free pass to be careless with THEIR money and then impose ANY of the cost of being defrauded due to THEIR OWN NEGLIGENCE on the innocent.

    Write Congress on this one, folks!

    Also, lawyers, how about a class action lawsuit against lenders for libel?

    Best,

    --PeterM

    1. Re:Need legislation to fix ID theft NOW by Anonymous Coward · · Score: 0

      if a lender can't provide POSITIVE PROOF that the person whose reputation they are trashing is in fact the SELF SAME person who they loaned money to

      What sort of proof do you think would be sufficient that wouldn't also get stolen?

    2. Re:Need legislation to fix ID theft NOW by Anonymous Coward · · Score: 0

      Membership in a community. The "cheers" authentication protocol: where everybody knows your name.

      Credit isn't a number or a score. Banks should be hiring the glut of humanities majors we have on the job market right now to be the touchy-feely get-to-know-you people that provide "credit" for their patrons. Run a bank the way a small-town insurance agent runs his business. I went to school with my parents' insurance agent. His wife was a teacher at that school. Get to know people. Then you can properly assess whether you should loan them money.

    3. Re:Need legislation to fix ID theft NOW by sociocapitalist · · Score: 1

      While you're writing letters the banking lobby is either buying off those same officials one way or another.

      That, or convincing them that the economy is too important and too fragile to allow lending institutions to take the hit.

      You'd do better to stop borrowing so much and invest in bank stocks.

      --
      blindly antisocialist = antisocial
    4. Re:Need legislation to fix ID theft NOW by jwdb · · Score: 1

      That solves the problem for some people, but not for those in my situation - I just moved across the country. People from other countries already face this problem: they have no US credit history, so for years they're screwed as far as credit is concerned.

      I must admit that I don't know what to do about it, however. I can see the system is broken, but I don't know how to fix it. The European (well, Belgian as far as I know) solution is to not have credit history at all and instead to have far stricter bankruptcy laws, but those laws are a ball and chain around the country's entrepreneurs.

    5. Re:Need legislation to fix ID theft NOW by Bob+the+Super+Hamste · · Score: 1

      Maybe presenting proof of identification in person. I would suggest a government issued identification card like a driver's license, or passport. Additionally that information should be verifiable against a database. So you hand over your driver's license to a bank they look at the picture and verify that your picture matches that face that is looking at them then they enter the license number and state into the DB and up pops the picture on record as well as the other information on the license and they verify that it matches the picture on the license that they just verified matches your face. For their own records the lending institution should have to keep a picture of the identifying document you presented as well as the picture of you on the day you arrived so that if there is a question about the authenticity of the loan they can present this information.

      Another idea would be for some sort of government managed PKI system for the general population where the individual never shares the private key with the government. I can sign and/or encrypt e-mails at work using a PKI system, and in Europe* their credit cards make use of a PKI system so why can't the same be done in the US at a national level.

      *Yes I know there is something similar here in the us that is being rolled out but chip and pin is better than the stupid chip and sign.

      --
      Time to offend someone
    6. Re:Need legislation to fix ID theft NOW by Anonymous Coward · · Score: 0

      Same to those who are self-employed and those who are young. Life's a bitch. It ain't fair. I suspect if there was strict identification procedures around positively identifying those banks and similar entities are issuing credit to the problem wouldn't exist. They're clearly not competent in the identification of their customers and that's where the problem lies.

      I think needing to identify a customer though is probably a bad idea though. I think it would make more sense for a bank to issue a small amount of credit and upon successful completion of repayment over a certain period of time followed with income verification checks you wouldn't have this problem.

  10. Hard to contact people with bad information by jfdavis668 · · Score: 4, Insightful

    We had a data breach of personal data, and needed to contact all those involved. When we obtained everyone's email and mailing address, we were surprised how bad the data was, particularly anyone who left. One person moved to Melbourne, Austria. Other addresses were town name only, no state or zip. Whoever entered it just thought it was obvious where that town was. Email servers are shut down and replaced, or departments reorganized, and everyone's email changes. No one thinks to tell the personnel department about these changes. Then, when you have a need for the data, you find half of it out of date. When there is no problem, no one pays attention to the data and tries to fix the problems.

  11. Some notifications already out by SuperKendall · · Score: 4, Informative

    The article summary makes it seem as if no-one has been notified, but I know at least one person who works for the federal government that was notified a week or so after the leak was revealed (and given information about the credit monitoring agency).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Some notifications already out by evendiagram · · Score: 1

      As someone awaiting the results of the 2nd OPM breach, it was slightly confusing internally as well. The first OPM breach was announced on June 4th, 2015 with the second breach announced on June 12th. Notifications and credit monitoring service information was released on a rolling basis from June 8th to June 19th. I'm assuming the 2nd was of a much larger scale.

    2. Re:Some notifications already out by evendiagram · · Score: 1

      Correction: Notifications and credit monitoring service information for the first OPM incident was released on a rolling basis from June 8th to June 19th.

    3. Re:Some notifications already out by bitingduck · · Score: 3, Informative

      The first one was about 4M people, all direct USG employees. The second was at least 22M people, a very large fraction of whom are contractors who work for companies of various sizes and need regular access to USG facilities or sensitive information. It's more significant information about many more people, and they've done pretty much nothing about it other than blame China for doing exactly the same thing the US would have done (and may have...)

  12. Notification from OPM by Anonymous Coward · · Score: 1

    Plenty of blame to go around here, but in the interest of accuracy, both my spouse and I received detailed notification from OPM over a month ago. So far, no damage done and the notification did provide instructions on implementation of ID protection.

    1. Re:Notification from OPM by Anonymous Coward · · Score: 0

      Your data was probably compromised in the first of the two reported data breaches. That one was government personnel records and affected around 4 million people. This article is about the second data breach, the one which affected over 20 million people who had background investigations performed, presumably to gain a security clearance from the government. The notifications in that second breach haven't gone out yet.

  13. Over 20 million employees? by CCarrot · · Score: 2

    The most shocking statement in this article, to me, is that there are more than 20 million government employees in the US...that's over half the population of Canada!

    Granted, that's only about 6% of the population of the US, but still...wow...that's a pretty high MER.

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    1. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      I read it as 20 Million employees in the database overall. I'd assume that's been accumulated over time. Who knows for sure though? OPM, and they're not talking.

    2. Re:Over 20 million employees? by Anonymous Coward · · Score: 1

      That's a bit misleading, there are NOT more than 20 million government employees in the US. According to OPM, the Federal workforce totaled 4,185k people in 2014, including the military. (https://www.opm.gov/policy-data-oversight/data-analysis-documentation/federal-employment-reports/historical-tables/total-government-employment-since-1962/)

      Regarding the breach discovered in June 2015, read the OPM press release:
      OPM and the interagency incident response team have concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, primarily spouses or co-habitants of applicants. Some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen. Notifications for this incident have not yet begun.

      Yes, it's a travesty and has been handled poorly. As one of the affected individuals, my employer is providing identity theft protection at their expense.

    3. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      I am not a gov't employee but am quite sure my data was taken from OPM. In a previous position I was told to use the E-QIP tool to submit data for an investigation that would allow me to work on a government contract. I went through the entire process and then the work never materialized. I have not been notified that my information was stolen but have no doubt it was.

    4. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      I believe that number includes former employees (including former military) and for cleared employees their entire family (spouses, ex-spouses and dependents)

    5. Re:Over 20 million employees? by bitingduck · · Score: 1

      The most shocking statement in this article, to me, is that there are more than 20 million government employees in the US...that's over half the population of Canada!

      It's not 20M current employees.

      It's everybody who's worked directly for the government or worked as a contractor who needed regular access to a government facility or needed a security clearance (probably mostly contractors) since 2000, and maybe before. And people who applied in that period and got as far as the investigation forms and were declined. It's everyone who filled out one of three forms: SF-85 (people in non-sensitive positions), SF-85P (people in "public trust" but not national security positions), and SF-86 (security clearances secret or higher), including all the information from the investigation.

    6. Re:Over 20 million employees? by CCarrot · · Score: 1

      Ah, okay then, that makes more sense! Thanks for the clarification!

      Just over 4000 people is a lot better than 20 million, but the number of people who apply to government positions (the reason, I assume, why they'd want a background investigation?) is still impressive! Or, as a previous poster mentioned, perhaps it simply included a *lot* of historical data.

      Whoops, I see another poster mentioned that if you just want to work on a government contract, you would need the background investigation through E-QUIP. Now the numbers start to look reasonable, even if their actions are not.

      Good luck with this, glad your employer is stepping up for you guys!

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    7. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      That includes retirees and people who have moved on to other employment.

    8. Re:Over 20 million employees? by Spazmania · · Score: 1

      That was 4.2 million, not 4.2 thousand.

      The 22 million is folks listed on forms by individuals who applied for a government security clearance. That's employees, contractors and all of their immediate family.

      That having been said, nearly 40 million people in the US either work for the government as employees or work for them indirectly under one contract or another.

      https://markstoval.wordpress.c...

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    9. Re:Over 20 million employees? by CCarrot · · Score: 1

      The most shocking statement in this article, to me, is that there are more than 20 million government employees in the US...that's over half the population of Canada!

      It's not 20M current employees.

      It's everybody who's worked directly for the government or worked as a contractor who needed regular access to a government facility or needed a security clearance (probably mostly contractors) since 2000, and maybe before. And people who applied in that period and got as far as the investigation forms and were declined. It's everyone who filled out one of three forms: SF-85 (people in non-sensitive positions), SF-85P (people in "public trust" but not national security positions), and SF-86 (security clearances secret or higher), including all the information from the investigation.

      Wow, that is a much wider range than just 'government employees'. 20 million definitely starts to make sense in that context, even if their refusal to deal with the situation doesn't.

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    10. Re:Over 20 million employees? by CCarrot · · Score: 1

      That was 4.2 million, not 4.2 thousand.

      The 22 million is folks listed on forms by individuals who applied for a government security clearance. That's employees, contractors and all of their immediate family.

      That having been said, nearly 40 million people in the US either work for the government as employees or work for them indirectly under one contract or another.

      https://markstoval.wordpress.c...

      Whoops, sorry, reading comprehension fail :)

      40 million direct and indirect employees, though...wow. 12.5% of the population. How much are your income taxes again? Not that Canada's doing any better in that regard. I'd be curious to see what the comparative numbers north of the border are...

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    11. Re:Over 20 million employees? by gymell · · Score: 1

      I've never been a government employee, but I am a contractor who worked for a subcontractor on a project that required a security clearance. So I had to submit a form SF-86 and this means that my data is part of this hacking. I've yet to receive any official notification about it.

    12. Re:Over 20 million employees? by superwiz · · Score: 1

      I actually thought the 6% figure was shocking. Government employees (past and present) account for ~20% of the US GDP. This figure doesn't take into account the money paid by the government to other citizens (then the figure goes up to 35%). So if 6% of the population were consuming 20% of the GDP, they'd be considered a fairly wealthy class. Turns out it's less than 6% of the population (almost none of the past government contractors are on government pensions).

      --
      Any guest worker system is indistinguishable from indentured servitude.
    13. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      It all depends on how they figure the number. It can include people who applied for positions but didn't get the job. It can include the same people multiple times for each time they renewed or upgraded a clearance. It can also include everyone's relatives because name/address/ssn/dob is required for spouses, siblings, parents, in-laws, and roommates. All this for employees, military, contractors, temps, etc.

      And there are a lot of people employed directly or indirectly by the federal government. Consider that even the people who work at the Taco Bell in the Pentagon have to have clearances.

    14. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      According to http://www.dlt.ri.gov/lmi/laus/us/usadj.htm, it's around 1/4th of the actual workforce in this country, as opposed to just the population. The situation is completely abysmal.

    15. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      I don't believe it is everybody that filled out an SF-86. My wife and I worked at a site that we both had clearances. I recently switched jobs and my clearance was transferred to another agency. My data was likely compromised, my wife's was not. To the best of my understanding anyway.

    16. Re:Over 20 million employees? by bitingduck · · Score: 1

      You would be safe in assuming your wife's data was also taken: https://www.opm.gov/cybersecur...

      Scroll down to "how you may be affected"

    17. Re:Over 20 million employees? by Anonymous Coward · · Score: 0

      6%!!!!!!!! That's no small number.

      We need to crush government spending. Drop it down to .02% of the population please. I'll hire my own security protection thank you very much.

  14. well, maybe by superwiz · · Score: 1

    maybe they are just negotiating with the individuals in possession of the information to um... sort it out so that the government itself can have efficient access to it? maybe even make it... umm... searchable... so they can figure out who's who? probably cheaper to pay terrorists to do it than the government contractors.

    --
    Any guest worker system is indistinguishable from indentured servitude.
  15. And we can trust this government with healthcare!! by Anonymous Coward · · Score: 0

    How many people who get outraged over this, the NSA's warrantless wiretaps, drone strikes, and "extrajudicial killings" of US citizens want to put this same government in charge of all health care?

  16. When you want something done right... by Anonymous Coward · · Score: 0

    I had to do it myself. My former employer (a contractor) denied anything had happened right up until it was publicly admitted. Had to hunt down someone at OPM and do all the leg work myself. Look at how the government acts in the interests of the American people - they treat their employees even worse.

  17. erm by Aryden · · Score: 1

    I got my notification as did everyone else in my office.

  18. Do the math! by Anonymous Coward · · Score: 0

    $133m contract to protect 21.5m victims?

    I wonder how much ID Theft protection you get for $6 per victim?

    I guess that's why the contract is "initially worth more than $133 million."

    How long before that contract balloons into the billions/trillions?

  19. Two important factors by Anonymous Coward · · Score: 0

    If you read the "what we do" about Identity Theft Guard they don't really DO anything but advise you on what to do if you think that your credit has been compromised!...

    Secondly, I have not been notified nor has anyone in the agency I work in. As a contractor it's just business as usual, about 2 weeks after this broke they required us to update our financial disclosures and fax them to OPM.

  20. 3 years? by Anonymous Coward · · Score: 0

    Thanks, incompetent assholes. What the fuck are we supposed to do AFTER that? Does the information magically transform back into CHAOS after 3 years?!? These goddamned fucking morons need to fix this permanently, by issuing new SSNs to EVERYONE whose data was lost, or better still, change the laws, rules, regulations, etc to make the information worthless!

    These FUCKING shitheads... let me tell you what. Not firing them and jailing those responsible is basically okaying what they did.

    Who has been fired over this? Anyone?