NCSA statement following report of data breach at U.S. Office of Personnel Management


Today, many current and former federal employees ‒ up to 4 million in fact ‒ may be concerned about the loss of their personal information in the wake of a massive data breach at the Federal Government’s Office of Personnel Management.

According to early news reports, the breach is attributed to Chinese hackers, and information stolen included Social Security numbers, job assignments, performance reviews and training and other personally identifiable information. For those whose personal information was lost, the attribution of the hack is less important than the knowledge that their information may now be used by others for a variety of purposes, including fraud and identity theft, or it may be sold to cybercriminals.

“Having information stolen about you can be very disconcerting,” said Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance. “Everyone impacted by this, or any breach, must now enter a phase of diligence about ensuring that additional personal information and accounts are protected and not misused for cybercrimes or other purposes.”

The National Cyber Security Alliance shares the following recommendations in the wake of having data exposed:

  1. Get two steps ahead and protect core accounts (email, financial services and social networking) with multifactor authentication. Multifactor authentication requires a second step, such as a text to a phone, the swipe of a finger or other means, to be used in addition to a password. This second step makes it significantly harder for accounts to be accessed. Email accounts, in particular, are extremely important to protect because, once breached, hackers can use them to reset passwords and credentials for other accounts. More information:

  2. Clean and keep clean all machines. Immediately update all software on every Internet-connected device. All critical software, including PC and mobile operating systems, security software and other frequently used software and apps, should be running the most current versions.

  3. Monitor activity on your financial and credit card accounts. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus (this is free and may be included if credit monitoring is provided post breach). See the Federal Trade Commission website:

  4. On accounts that don’t offer multifactor authentication, change passwords and make them better. Passwords should be long and consist of combinations of passphrases, numbers and symbols. Important accounts should have unique passwords not used to access any other accounts.

Data breaches have become more commonplace, and everyone should be aware of these steps so they can act quickly after hearing or suspecting that their personal information has been lost.

Other helpful resources include:

If you believe you have been the victim of a cybercrime, you can report it to: The Internet Crime Complaint Center at

Media Contact

Jessica Beffa