Federal workers discuss OPM data breach, next steps

Jeff Karbery of the Maryland Attorney General's office speaks to federal workers at a forum for victims of the data breach at the Office of Personnel Management.

When Raymond Jacobson saw an email from the federal Office of Personnel Management informing him that his Social Security number and other personal information had likely been stolen in what is believed to be the largest cyberattack in U.S. history, he wasn't too surprised.

Jacobson, a grants administrator at the National Institutes of Health, had been watching the news and expected he might be among the 21.5 million people affected by the OPM data breach. So instead of feeling shock, he felt concern — mostly for his twin daughters.


"They're 8 years old," said Jacobson, of Gaithersburg. "They have a whole lifetime ahead of them with their information compromised."

Jacobson brought the girls with him to an identity theft and fraud protection forum hosted last week by Rep. John Delaney in Germantown.


About 200 attended the forum, at which officials from 13 agencies focused on how they and their families could move past the OPM breach announced this month. The breach came on top of another hack, announced last month, that affected 4.2 million people.

"One of the blessings that can come out of this is we finally respond as a nation to this threat," Delaney said. "Citizens need to start thinking about this in the same way they think about other security ... in the same way we lock our doors at night and set our alarm systems."

The Montgomery County Democrat said the breaches should spur the government and private businesses to spend more on cybersecurity.

"This is a growing threat, and we have underinvested in protecting our citizens," he said.

The Office of Personnel Management's director, Katherine Archuleta, resigned over the breaches, and two federal employees have filed lawsuits against the agency.

The National Treasury Employees Union, which represents about 150,000 federal workers, contends that the Office of Personnel Management violated their constitutional rights by not protecting their private information.

"We believe that a lawsuit is the best way to force OPM to take immediate steps to safeguard personnel data, prevent such attacks in the future and help our members protect themselves against the fallout," NTEU President Colleen M. Kelley said in a statement.

The American Federation of Government Employees, which represents 650,000 federal workers, also filed a lawsuit.


Federal officials have agreed to offer affected employees at least three years of credit monitoring and identity protection services. The unions and state legislators have said that is not enough.

Sens. Ben Cardin and Barbara A. Mikulski of Maryland and their counterparts in Virginia, all Democrats, introduced legislation last week to offer lifetime identity protection coverage with at least $5 million of identity theft insurance.

"This erodes confidence going forward that the federal government will be able to protect federal employees whose personal data — Social Security numbers, dates of birth, fingerprints — has been stolen," Mikulski said. "I demand answers and assurances for them. And I demand a far more robust action plan for their protection."

Irv Zaritsky, 67, a retired Navy engineer, said the legislation makes sense.

"I certainly support lifetime monitoring," the Germantown resident said. "There hackers are very smart, very patient, and they're not in a hurry. They read the papers, and they'll know how long the free credit monitoring is offered. And after that, they can use the information."

Delaney touched on the legislation at the forum, but he said the event was about reaching out to victims and potential victims and providing one-on-one assistance.


Officials from agencies that included the Office of Personnel Management, the Federal Trade Commission and the office of Maryland Attorney General Brian E. Frosh set up tables and offered advice, pamphlets and presentations on ways that people can protect themselves, whether their information has been used or not.

Officials have said the hackers do not appear to have used the stolen data.

Suggestions included taking advantage of the offered credit monitoring, placing a fraud alert and freezing their credit.

"Change passwords and security questions," said Lisa Schifferle, a representative of the FTC. "Come up with ones that don't relate to personal information like your mother's name or the street you first lived on or any information that may have been exposed."

Maryland is home to about 300,000 federal employees, who make up one-tenth of the state's workforce. Schifferle said the state ranks sixth in the nation in identity theft.

About half of the speakers at the event, including Frosh, said their identities had been stolen before.


Gary Cohn, 27, who said he works for the federal government but declined to identify the agency, expects the experience to grow more common.

"What I took away was that more and more data breaches are going to happen, and everyone should expect that information that is personal to them will be in criminal hands at one point," the Germantown man said.