news/announcements/frequently-asked-questions/” target=”_blank”>Frequently
Asked Questions section of its website Thursday with a few more details
about the files hackers accessed. OPM previously stated that
the breach affected 4 million current and former federal employees. It now
says that estimate includes employees of any branch of the government whose
organizations sent records to OPM for retirement purposes, regardless of
whether the employee’s full personnel file
is stored on OPM’s network.
“These records include service history records (such as the SF
2806), court orders, and other records and information that pertain to
annuity calculations,” OPM said on the website.
Those records include sensitive information such as names, Social Security
numbers and birth dates. They may also contain an employee’s job assignments,
training records and benefit selections, OPM says.
OPM maintains personnel records for most, but not all, civilian agencies.
Other federal organizations may submit an employee’s service-history
documentation to OPM on certain occasions, the agency warned. Those include
when an employee transfers from one agency to another, leaves an agency, or
when the agency changes its payroll service center.
OPM said it believes active military personnel were not affected, although
current and former Defense Department civilian employees were. It cautioned
that it is still investigating the incidents, and new information might cause
it to revise those statements.
Victims should receive notices by email or post from CSID, a company that OPM
has contracted with to provide identity-
protection services. OPM said it will finish sending those notices out
today, but it may take a few more days to arrive.
In comparison to the details shared about this data breach, OPM has
said little about a more recently announced breach reported to put 14 million
people at risk.
Investigators discovered that breach in the course of investigating the
first attack. The larger breach compromised security-clearance holders and
applicants’ records. OPM said it is still determining the scope of that
intrusion. It expects to notify victims at some point, it said.
“The investigation is still ongoing, and we will notify affected individuals
as soon as is practicable. As with any such event, it takes time to conduct a
thorough investigation and to identify the affected individuals,” it said.
OPM has tried to reassure those going through background investigations now
that their data is secure. It still is processing those files. It said it is
working closely with the White House, Homeland Security Department and others
to safeguard that data.
“Protecting the security and integrity of the information entrusted to OPM is
central to our mission, and we will continue to keep you apprised as the
investigation continues,” OPM said.
OPM has been criticized by federal employee groups and members of Congress for
the lack of information it has shared with the public about the two breaches.
OPM Director Katherine Archuleta refused to answer many questions posed by
lawmakers at a congressional hearing earlier this week. She said those
questions were best discussed in a classified setting.
Since then, a number of lawmakers have called on Archuleta to step down.
RELATED STORIES:
