Federal letter sent to millions of cyberattack victims is legit

Question: Are you able to verify in some way that a letter I received is not a fake or scam or solicitation for identity theft protection? Who is Beth F. Cobert, and why is she mentioning her own experience of intrusion? It rang “untrue” to me right away, but I want to have confirmation from another source. I have not logged on to anything on the letter. If you are able to check, I would really appreciate your kokua and I will be more at ease.

Answer: Beth F. Cobert is acting director for the U.S. Office of Personnel Management, and the letter you received from her appears to be authentic. Unfortunately, that means you are among the 21.5 million individuals nationwide whose personal information was stolen in a major cyberattack against the federal government that was announced in June.

On Sept. 30, OPM began mailing notification letters directly to affected individuals and said that the notification process would continue for about 12 weeks. You received your letter Friday, and it matches verbatim the sample notification letter posted on the OPM website, in which Cobert describes the data heist as a “malicious cyber intrusion carried out against the U.S. government.”

By mentioning that her own identifying information was among the data stolen, Cobert highlights that she has a personal stake in the success of actions taken to minimize consequences for victims. Given the number of federal employees and retirees living in Hawaii, we are confident that you are not alone here in receiving this letter.

All victims were automatically provided identity theft insurance and identity restoration services by the government, and the letter spells out instructions for enrolling in additional credit- and identity-monitoring services at the government’s expense. These services are being provided for three years to the victims and to their minor, dependent children. To enroll, you may call the number provided in the letter, 800-750-3004, or go online to www.opm.gov/cybersecurity. In either case you’ll need the unique PIN number printed at the top of your letter to complete the process.

The additional services are being provided by ID Experts, the company that OPM has hired, which specializes in identity theft protection. Please note that neither OPM nor ID Experts will contact you to confirm any personal information. As the letter states in bold type, “If you are contacted by anyone asking for your personal information in relation to this incident, do not provide it.”

Don't miss out on what's happening!

Stay in touch with top news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

You can read much more about what happened here, 808ne.ws/1XD5aNt, or you can listen to a short summary by calling 866-740-7153, toll-free. In a nutshell, according to OPM: Anyone who underwent a federal background check in 2000 or later likely was affected, because the background investigation databases of current, former and prospective federal employees and contractors for that period were compromised. The Social Security numbers of 21.5 million people were among the sensitive information stolen; this includes 19.7 million people who applied for background investigations (either because they were seeking a job, a security clearance or for some other reason) and 1.8 million nonapplicants, primarily spouses, partners or roommates of applicants. In 5.6 million of the cases, applicants’ fingerprints also were stolen. User names, passwords and, in some cases, findings from the background investigations were taken as well.

If it’s any solace, your fingerprints apparently were not compromised. OPM is mailing two distinct versions of the notification letter, depending on the level of intrusion. You received the letter that mentions Social Security numbers and other personal information but not fingerprints.

Both versions say that the government is not aware of any misuse of personal information after the cyberattack, but is providing “a comprehensive suite of identity theft protection and monitoring services” nonetheless.

Mahalo

Thank you to the person who recently found my wallet in the parking lot of a Kaneohe fitness center and turned it in. Your honesty saved me much anxiety and flat-out work. Merry Christmas! — S.C.

———

Write to “Kokua Line” at Honolulu Star-Advertiser, 7 Waterfront Plaza, Suite 210, 500 Ala Moana Blvd., Honolulu 96813; call 529-4773; fax 529-4750; or email kokualine@staradvertiser.com.