OPM finishes initial outreach to hack victims — 1.5M left out

​The Office of Personnel Management has concluded its initial effort to notify victims of the agency's massive breach announced earlier this year.

A sample breach notification letter. (OPM)

The Office of Personnel Management has concluded the initial phase of its effort to notify victims of the agency’s massive cyber breach discovered earlier this year, but more than a million letters still haven’t been sent.

About 93 percent of the 22.1 million government employees, applicants for federal security clearances and their family members whose Social Security numbers and personal information were compromised in the hack have been sent notifications, OPM announced Friday. From now on, the agency will focus its efforts on sending notification letters to those who inform the agency, through its new online verification center, that they haven’t yet received a postal notification.

[Read our complete timeline of the OPM hacks here.]


Because of the method by which OPM went about notifying victims, prioritizing the security of their information, it wasn’t able to find the appropriate information for all victims, the agency said in a statement. About 7 percent — or 1.5 million — still haven’t been sent letters.

“OPM has engaged in a rigorous process to notify impacted individuals through a method that prioritized the security of their information,” the statement says. “Additionally, significant time and effort was spent to collect appropriate contact information for impacted individuals.

Press Secretary Sam Schumach said in a statement that OPM is dedicated to informing the 7 percent not yet notified through its outreach via the verification center.

“OPM and our partners across government remain committed to protecting the safety and security of the information provided to us,” Schumach said. “Together with our interagency partners, OPM is dedicated to delivering high-quality identity protection services to impacted individuals. The interagency team continues to review the impacted data to monitor for any misuse, and the U.S. Government will also continue to evaluate the coverage being provided and whether any adjustments are appropriate in association with this incident.”

Reach the reporter on this story at Follow him on Twitter @BillyMitchell89.

Latest Podcasts