The Office of Personnel Management has launched a website so people who may be victims of the agency’s massive cyber breach detected earlier this year can check whether their personal information was actually compromised.
The verification site, hosted by the Defense Department, is meant to help quell the confusion of the federal employees and security clearance applicants, as well as those close to them, who haven’t yet received a letter from OPM notifying them that their information was taken in the breach. After submitting information into the form, which requires a Social Security number, entrants will receive a response letter via the U.S. Postal Service in two to four weeks.
OPM said despite the launch of this tool, it is still mailing original notification letters to breach victims, and will continue to do so through mid-December.
“If you do not receive a letter by the middle of December, either the government could not identify a valid address for you after using both government and commercial data sources, or our records indicated that your Social Security Number was not compromised in the intrusion,” acting OPM Director Beth Cobert said in a statement.
This tool is also an opportunity for those who may have misplaced their notification letter, which contains a PIN they can use to sign up for three years of credit monitoring and identity protection services without charge. It also gives family members or others connected to confirmed victims a chance to check if their information was compromised as well.
OPM said Tuesday 1.2 million Americans have enrolled in the free protection services so far, and agency leadership urges others to follow suit.
[Read our complete timeline of the OPM hacks here.]
Outside of the verification system’s main purpose, DOD may also use the data for “tracking, reporting, measuring, and improving the Department’s effectiveness in implementing this data breach notification,” the website says.
OPM partnered with the Defense Information Systems Agency, on behalf of the Defense Manpower Data Center, to lead the development of this tool. In September, DISA awarded Advanced Onion LLC $1.8 million to build the system and assist with processing and tracking any returned notification letters in a special database.