Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
OPM data breach – what should you do?
Old 06-05-2015, 04:21 AM   #1
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,170
OPM data breach – what should you do?

Federal workers and retirees are affected. Recommendations include changing bank accounts.
OPM data breach – what should you do? | Consumer Information




The OPM data breach that was announced yesterday affects 4 million people.


Although the ftc instructions above said bank accounts should be closed the Washington Post reported that:
Quote:

"The intruders in the OPM case gained access to information that included
employees’ Social Security numbers, job assignments, performance ratings and
training information, agency officials said. OPM officials declined to comment
on whether payroll data was exposed other than to say that no direct-deposit
information was compromised. They could not say for certain what data was taken,
only what the hackers gained access to."
Chinese breach data of 4 million federal workers - The Washington Post
__________________

__________________
Tadpole is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 06-05-2015, 07:23 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,642
Even if hackers got payroll info how would that give them access to your accounts? Routing and account numbers are printed on the face of every check. OPM doesn't have your passwords. I already have a credit freeze. That is all I plan ---- for now.
__________________

__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 06-05-2015, 07:39 AM   #3
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,170
The FTC advice must be just canned advice to which they added a paragraph about the OPM breach. Freezing one's credit makes it a little more difficult to chase CD rates. I've resisted freezing mine but am now on several of these free credit monitoring arrangements. It seems like there is a rash of breaches lately. So, I will finally go for the freeze.


IT people - if OPM (or other) has such difficulty detecting a breach, how do they know when one has NOT occurred?
__________________
Tadpole is offline   Reply With Quote
Old 06-05-2015, 10:29 AM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,571
Quote:
Originally Posted by Tadpole View Post
IT people - if OPM (or other) has such difficulty detecting a breach, how do they know when one has NOT occurred?
They don't. Proper design, testing, audits are supposed to mitigate risk. IMHO very few organizations do that.

Little different but related. I sat in a discussion one day of organizations that had implemented high availability into their systems for DR. Over 90% of the participants had never completed a successful test. These were major companies that everyone here would recognize their names. They had spend millions on the technology but never tested to ensure their procedures would work.


🐑
__________________
MRG is online now   Reply With Quote
Old 06-05-2015, 10:35 AM   #5
Confused about dryer sheets
 
Join Date: Jan 2013
Location: Plato, MN
Posts: 1
Big data breach after federal agency loses a bunch of funding. Nothing suspicious here?
__________________
DonavonP is offline   Reply With Quote
Old 06-05-2015, 10:37 AM   #6
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Quote:
Originally Posted by Tadpole View Post
IT people - if OPM (or other) has such difficulty detecting a breach, how do they know when one has NOT occurred?
To know for certain that there has been no breach you must deny access to all. Then you know it!

I happen to be writing about security in the cloud, and have so many thoughts in my head right now I can't get out much of anything. (DENY ALL).

If you search for topics like "cloud security architecture" and look at images, not regular search finds, you can inspect a few images and understand how complex this landscape is. There is not one approach or one network that is immune forever. The threats are constantly evolving, and each minute some new idea has to be built out and implemented to deflect the new stuff coming at you.

One thing that is probably not mature in the fed and mil landscape is experience with IDS Intrusion Detection Systems. These are inside your cloud and looking at bits of stuff.
__________________
target2019 is offline   Reply With Quote
Old 06-05-2015, 10:37 AM   #7
Full time employment: Posting here.
 
Join Date: Jan 2008
Posts: 882
Quote:
Originally Posted by DonavonP View Post
Big data breach after federal agency loses a bunch of funding. Nothing suspicious here?
4M is pretty small compared to the breaches in the private sector.
__________________
jebmke is offline   Reply With Quote
Old 06-05-2015, 10:40 AM   #8
Full time employment: Posting here.
 
Join Date: Jan 2008
Posts: 882
Quote:
Originally Posted by donheff View Post
Even if hackers got payroll info how would that give them access to your accounts? Routing and account numbers are printed on the face of every check. OPM doesn't have your passwords. I already have a credit freeze. That is all I plan ---- for now.
It is amazing how many people will hesitate to give out the routing/account numbers while readily write a check at a local grocery store and hand the same data to a teenage clerk.

When I lived in Europe it was customary to put these numbers on your personal calling card -- that is how people transfer money to you. Checks didn't exist.
__________________
jebmke is offline   Reply With Quote
Old 06-05-2015, 11:14 AM   #9
Recycles dryer sheets
 
Join Date: Sep 2012
Location: Albuquerque
Posts: 498
I'm also on a free credit monitoring arrangement from the last time my federal agency files were hacked.
__________________
ABQ2015 is offline   Reply With Quote
Old 06-05-2015, 01:13 PM   #10
Thinks s/he gets paid by the post
packrat44's Avatar
 
Join Date: Jun 2007
Location: near Canadian border and near Mexican border
Posts: 1,142
Quote:
Originally Posted by donheff View Post
Even if hackers got payroll info how would that give them access to your accounts? Routing and account numbers are printed on the face of every check. OPM doesn't have your passwords. I already have a credit freeze. That is all I plan ---- for now.
Totally agree. I froze my credit in 2006 when my identity was stolen prior to any known attempts to use it. My DW froze hers 2 years ago after someone opened an account with her info and she was billed. A medical clinic she had used several years prior, finally fessed up and admitted recently there had been a breach and her info lost. I have heard medical firms are the most common source of breaches.

The credit freeze gives me some comfort.
__________________
Pigs get fat, hogs get slaughtered. That's my story and I am sticking to it.
packrat44 is offline   Reply With Quote
Old 06-05-2015, 01:33 PM   #11
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,860
From the article,
Quote:
The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-
deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
Since I am a federal retiree, I could care less about job assignments, performance ratings, and training information. They can browse those all they wish as far as I'm concerned.

That leaves my SS number. Granted, I try to keep that private but I wonder how much they can actually do with it. Even if they do try to open credit accounts somehow with little more than a name and SS number, I doubt they would do that for each of 4,000,000+ accounts that were hacked.

Honestly I wish they would do SOMETHING to stop these scares. Surely it can't be that hard. This isn't the first time that there has been a massive loss of federal employees' information. I remember this happening to those of us who held federal credit cards (for work) maybe 10-15 years ago.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is offline   Reply With Quote
Old 06-05-2015, 03:43 PM   #12
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
The information may not be of much use right now, but it will be aggregated with other data as times goes on. Eventually some crafty group on foreign soil will be able to launch a catastrophic electronic hit.

These strikes can be deflected, but the immense size of our gov't makes it unlikely that it will all be fixed. There's too much old stuff to fix.
__________________
target2019 is offline   Reply With Quote
Old 11-12-2015, 05:01 PM   #13
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Oh goodie! I received my OPM notice today. They botched basic security but gave me free monitoring for three years. Chinese are patient. I'd expect a major event in 2018/2019.

I'm off to hunt down these ill mannered scoundrels.
__________________
target2019 is offline   Reply With Quote
Old 11-12-2015, 05:09 PM   #14
Thinks s/he gets paid by the post
zinger1457's Avatar
 
Join Date: Jul 2007
Posts: 1,452
Quote:
Originally Posted by target2019 View Post
Oh goodie! I received my OPM notice today. They botched basic security but gave me free monitoring for three years. Chinese are patient. I'd expect a major event in 2018/2019.
Got my letter from OPM about 2 weeks ago and signed up for the monitoring service. I applied for a new credit card yesterday and soon got an alert notice so that part of the monitoring service works.
__________________
zinger1457 is offline   Reply With Quote
Old 11-12-2015, 06:36 PM   #15
Thinks s/he gets paid by the post
 
Join Date: Dec 2014
Posts: 1,660
Quote:
Originally Posted by target2019 View Post
Oh goodie! I received my OPM notice today. They botched basic security but gave me free monitoring for three years. Chinese are patient. I'd expect a major event in 2018/2019.

I'm off to hunt down these ill mannered scoundrels.
Quote:
Originally Posted by zinger1457 View Post
Got my letter from OPM about 2 weeks ago and signed up for the monitoring service. I applied for a new credit card yesterday and soon got an alert notice so that part of the monitoring service works.
where have you been... got my notice a long time ago... but then my employment was in the 1980's for a month or two.
__________________
bingybear is online now   Reply With Quote
Old 11-12-2015, 06:48 PM   #16
Thinks s/he gets paid by the post
Dash man's Avatar
 
Join Date: Mar 2013
Location: Limerick
Posts: 1,668
Got my notice back in August, but I've been using a monitoring service for years from previous hacks. It never ends.


Sent from my iPhone using Early Retirement Forum
__________________
Dash man is offline   Reply With Quote
Old 11-12-2015, 06:59 PM   #17
Thinks s/he gets paid by the post
zinger1457's Avatar
 
Join Date: Jul 2007
Posts: 1,452
Quote:
Originally Posted by bingybear View Post
where have you been... got my notice a long time ago... but then my employment was in the 1980's for a month or two.
I did receive a notice from OPM shortly after the hack that my personal information 'may' have been taken and gave me a one year monitoring service. The most recent letter stated very clearly that my personal data 'was' taken.
__________________
zinger1457 is offline   Reply With Quote
Old 11-12-2015, 07:12 PM   #18
Thinks s/he gets paid by the post
Nodak's Avatar
 
Join Date: Feb 2010
Location: Cavalier
Posts: 2,317
I got my notice about a month ago.
__________________
"Don't take life so serious, son. It ain't nohow permanent." Pogo Possum (Walt Kelly)
Nodak is offline   Reply With Quote
Old 11-12-2015, 08:44 PM   #19
Recycles dryer sheets
 
Join Date: Apr 2012
Location: Birmingham, AL
Posts: 189
Both OPM and IRS data breaches affect us. Got one year of ID theft protection through the IRS and three years through OPM...different vendors for each. Before that, had personal data heisted from Home Depot (one year ID theft protection through them which has since expired) No problems noted...yet. However, all of this is certainly not a confidence builder in the security of personal and financial transactions we do online.
__________________
Greg V is offline   Reply With Quote
Old 11-13-2015, 12:33 AM   #20
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Quote:
Originally Posted by bingybear View Post
where have you been... got my notice a long time ago... but then my employment was in the 1980's for a month or two.
I've been here, writing about secure practices. What irony! Secure your data at rest...

Never was a fed employee. The data given away is always much larger and broader than revealed.
__________________

__________________
target2019 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Possible security breach? Lsbcal Other topics 13 11-07-2013 11:52 AM
Into the Breach Foghorn Leghorn Hi, I am... 2 03-30-2013 07:07 AM
OPM retirement Sept late payment BillNOVA FIRE and Money 14 09-03-2012 11:20 PM
OPM news (federal retirees take note) freebird5825 Other topics 0 02-26-2008 08:44 AM
Security Breach for Online TurboTax samclem Other topics 0 04-12-2007 07:18 PM

 

 
All times are GMT -6. The time now is 09:47 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.