OPM starts second wave of notices to hacked feds

The Office of Personnel Management has started notifying those impacted by the breach that affected over 22 million people, according to OPM Director Beth Cobert. The notifications will only come via snail mail.

The Office of Personnel Management has started notifying those impacted by the breach that affected over 22 million Americans, according to acting Director Beth Cobert Thursday.

In a blog post on the OPM website, Cobert says the agency started sending notifications this week. The notices, which are only being sent by postal mail, will contain a personalized identification number (PIN) number people can use to sign up for identity protection services.

Cobert stressed that email will not be used to contact people, nor will anyone acting on OPM’s behalf will reach out to confirm any personal information.

“If you are contacted by anyone asking for your personal information in relation to compromised data or credit monitoring services, do not provide it,” Cobert writes


The letters will describe the options for protection and credit monitoring services provided for people for at least three years at no cost to impacted individuals and their dependent minor children.

In the wake of the revelation that more fingerprint data was taken than previously believed, OPM says the government will provide additional information to those whose fingerprints were stolen. The fingerprint data was taken in the second of two breaches, separate from the breach discovered in June that affected 4.5 million people.

Cobert warned that while the process has started, it’s going to be lengthy. The director wrote that the process will “take considerable time” to complete.

“I understand that many of you are frustrated and concerned, and would like to receive this information soon,” she wrote. “However, given the sensitive nature of the database that was breached – and the sheer volume of people affected – we are all going to have to be patient throughout this notification process.”

For those who believe they will not get a notification via postal mail, a FAQ on the OPM website says the government is setting up a resource to request a PIN and enter a new address. OPM did not respond by publication to FedScoop’s question of when that resource will go live.


A month ago, OPM and the Defense Department awarded a contract to Portland, Oregon-based ID Experts for identity theft protection, identity monitoring, and data breach response and protection services in the wake of the OPM hack. The contract offers $1 million in identity theft insurance for employees along with free identity restoration services for anyone found to have been a victim of identity theft.

You can read the full blog post on OPM’s website.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts