OPM was hacked - now I have 3 years of credit/SSN monitoring - CAP related?

Started by Майор Хаткевич, December 15, 2015, 07:25:53 PM

0 Members and 1 Guest are viewing this topic.

Майор Хаткевич

I received a letter from the Office of Personnel Management regarding this situation.


Based on the letter, there were two scenarios as to how my information was in their database:
Applied for a position or submitted a background investigation form.
Listed on background investigation form by a spouse or co-habitant.


I know my wife wasn't applying for any government jobs, and I don't remember if I ever did in college (would have been 5+ years ago now).


The background investigation form part makes more sense, but I haven't had to submit one to anything other than CAP when becoming a SM (also over 5 years ago).


So, did anyone else receive one of these letters?


Alaric

Quote from: Capt Hatkevich on December 15, 2015, 07:25:53 PM
I received a letter from the Office of Personnel Management regarding this situation.


Based on the letter, there were two scenarios as to how my information was in their database:
Applied for a position or submitted a background investigation form.
Listed on background investigation form by a spouse or co-habitant.


I know my wife wasn't applying for any government jobs, and I don't remember if I ever did in college (would have been 5+ years ago now).


The background investigation form part makes more sense, but I haven't had to submit one to anything other than CAP when becoming a SM (also over 5 years ago).


So, did anyone else receive one of these letters?

I did but I work for a government contractor and have a clearance

THRAWN

Quote from: Capt Hatkevich on December 15, 2015, 07:25:53 PM
I received a letter from the Office of Personnel Management regarding this situation.


Based on the letter, there were two scenarios as to how my information was in their database:
Applied for a position or submitted a background investigation form.
Listed on background investigation form by a spouse or co-habitant.


I know my wife wasn't applying for any government jobs, and I don't remember if I ever did in college (would have been 5+ years ago now).


The background investigation form part makes more sense, but I haven't had to submit one to anything other than CAP when becoming a SM (also over 5 years ago).


So, did anyone else receive one of these letters?

I did, my wife did, my 6 year old son, my parents, my brother and his wife and two kids, his in laws, and a couple of uncles and cousins. That'll show us for volunteering for military service and working for the fed....

It could be CAP related. Ever take any PME? Ever provide your PII to the Department of Defense or any subordinate department/agency.organization (i.e. NTC Great Mistakes)? Were you a member before they moved into CAP ID numbers and used the SSN as the ID? Were you ever operating under a MSA?

Let Uncle provide the coverage. The company that is doing the monitoring is good about making notifications and keeping you up to date about what's going on with your credit.
Strup-"Belligerent....at times...."
AFRCC SMC 10-97
NSS ISC 05-00
USAF SOS 2000
USAF ACSC 2011
US NWC 2016
USMC CSCDEP 2023

lordmonar

My wife got one....but strangely I did not.

Go figure.

I have a clearance and have had one since 1997 or so.
PATRICK M. HARRIS, SMSgt, CAP

RiverAux

The CG Aux was pretty proactive about notifying members that some of our folks could have been vulnerable to this hack.  I would hope that CAP NHQ would have notified us if CAP members could have been at risk. 

Holding Pattern

I have received no notification. CAP is the only agency that would have given anything to OPM that I've ever interacted with. I'm going to guess this isn't due to CAP.

In fact, the only reference to OPM in the CAP websites I could find was in the CAPR regarding FECA coverage.

Holding Pattern

One other minor detail, instead of credit monitoring, you should consider a credit freeze. This way the only way your credit gets run is with your permission, as it should be. This will also have the side-effect of decreasing your junk mail.

lordmonar


Quote from: RiverAux on December 15, 2015, 09:52:57 PM
The CG Aux was pretty proactive about notifying members that some of our folks could have been vulnerable to this hack.  I would hope that CAP NHQ would have notified us if CAP members could have been at risk.
That assumes that CAP gives our information to OPM in the first place.   I don't know how CAP performs the background checks but we may it be using the OPM at all. 
PATRICK M. HARRIS, SMSgt, CAP

RiverAux

I wasn't assuming that at all. Was just saying that IF CAP provided information to OPM I would have expected them to notify us and since they haven't notified us, it is unlikely to impact us. 

TarRiverRat

I believe my info was from the background check that was done when I was in the Coast Guard Auxiliary, since my regular job is municipal police and not federal, I don't believe it came from there.  I also received the letter as well.  In the USCG Auxiliary we had to fill out all these forms and get fingerprinted to receive security clearance to be in the Auxiliary on the Operational side.  If you did not want to be Operational then you did not have to go through the Security Clearance.  You were then just a meeting night / donor member at that point.
Tar River Composite Squadron "River Rats" NC-057

Майор Хаткевич

Quote from: THRAWN on December 15, 2015, 08:47:41 PM
Quote from: Capt Hatkevich on December 15, 2015, 07:25:53 PM
I received a letter from the Office of Personnel Management regarding this situation.


Based on the letter, there were two scenarios as to how my information was in their database:
Applied for a position or submitted a background investigation form.
Listed on background investigation form by a spouse or co-habitant.


I know my wife wasn't applying for any government jobs, and I don't remember if I ever did in college (would have been 5+ years ago now).


The background investigation form part makes more sense, but I haven't had to submit one to anything other than CAP when becoming a SM (also over 5 years ago).


So, did anyone else receive one of these letters?

I did, my wife did, my 6 year old son, my parents, my brother and his wife and two kids, his in laws, and a couple of uncles and cousins. That'll show us for volunteering for military service and working for the fed....

It could be CAP related. Ever take any PME? Ever provide your PII to the Department of Defense or any subordinate department/agency.organization (i.e. NTC Great Mistakes)? Were you a member before they moved into CAP ID numbers and used the SSN as the ID? Were you ever operating under a MSA?

Let Uncle provide the coverage. The company that is doing the monitoring is good about making notifications and keeping you up to date about what's going on with your credit.

Bingo. MSA for Great Lakes every year I've gone. A large DoD form filled out with a lot of details this  Spring. Thanks for  reminder!

SARDOC

I was a Contract OPM Background Investigator for a while.  I got one of these letters as well.

I think the background check that CAP does on it's members is very rudimentary and wouldn't have involved OPM at all.  It's a straight FBI Criminal background check (Which is done as part of a larger OPM background check as well).

I'm thinking that by your last post you figured out the most likely culprit.


USACAP

The check done by CAP won't have exposed your info to the "hack" since you do not fill out and submit an SF-86.
If you have filled out and submitted an SF-86 the past decade or so, this is a life-changing event.
To quote someone else about the matter:

[edited to remove multiple filter circumventions and inappropriate content -Pace]

raivo

^ thanks for that helpful contribution.

I'm not entirely sure how OPM determined who was affected or not; I don't know anybody who received a notification from OPM that their information was compromised, and I know a lot of people who should have been.

CAP Member, 2000-20??
USAF Officer, 2009-2018
Recipient of a Mitchell Award Of Irrelevant Number

"No combat-ready unit has ever passed inspection. No inspection-ready unit has ever survived combat."

PHall

Capt Hatkevich, didn't you attempt to enlist in the Army? If you did, that's where OPM got your data.

Майор Хаткевич

Quote from: PHall on February 21, 2016, 08:58:51 AM
Capt Hatkevich, didn't you attempt to enlist in the Army? If you did, that's where OPM got your data.

Oooh. Good point. Data breached all the way from 2007. Ouch.

The CyBorg is destroyed

Quote from: RiverAux on December 15, 2015, 09:52:57 PM
The CG Aux was pretty proactive about notifying members that some of our folks could have been vulnerable to this hack.  I would hope that CAP NHQ would have notified us if CAP members could have been at risk.

I have a letter from CGAUX from a couple of years ago detailing exactly that.
Exiled from GLR-MI-011

USACAP

CAP members (who are not prior military) are likely not affected.
CAP members who undergo a background check don't go through an investigative process whereby records are retained - name/SSN is run against a database. Simple.
If you've ever submitted an SF-86 or been included on someone's SF-86 however, your information was likely exfiltrated.
Several have asked and no - you can't sue the USG nor the 3rd party contractor who left the barn door open.
Because we authorized (yes we did - read the release on the SF-86) the USG to use our information, we are all deemed to have no legal recourse.
The language in that letter we all received was pretty specific for a reason ... the USG does not see itself as at-fault.
"...nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose. Any alleged issues of liability concerning OPM or the United States for the matters covered by this letter or for any other purpose are determined solely in conformance with appropriate Federal law."

From a middle of the road news source ...
Tens Of Millions More People Could Have Had Information Exposed In OPM "Hack"
http://www.nextgov.com/cybersecurity/2015/06/opm-says-massive-data-breach-may-affect-4-million-federal-employees/114538/
An early internal assessment by the Office of Personnel Management (OPM) warned that the cyber-assault on its computer systems may have compromised personal information of tens of millions of people, with the hack of one particular system alone potentially affecting 18 million Americans - more than four times the 4.2 million the agency has publicly acknowledged.

Investigators are still conducting "many forensic steps" to determine whether so many people actually had their personal information stolen, but sources close to the investigation told ABC News and CNN that the number is expected to grow.

Hackers reportedly had access to far more than the personnel records, rummaging undetected through various OPM systems for more than a year -- all part of a suspected cyber-campaign out of China to collect information on federal workers inside the United States and others around the world. One of those systems was the database covering background checks, known as the Electronic Questionnaires for Investigations Processing system (e-QIP).

Sources said the e-QIP system was likely breached, allowing hackers to steal forms -- known as "SF-86" forms -- submitted by federal employees and others seeking security clearances. If SF-86 forms were stolen in their entirety, an "exponential amount of people" could be affected, including U.S. military, law enforcement, diplomatic and intelligence officials around the world. The forms require applicants to provide personal information not only about themselves but also relatives, friends and "associates" spanning several years. The forms also ask applicants about past drug use, financial history, mental health history and personal relationships. That type of information could be exploited to pressure or trick employees into further compromising their agencies.

Additionally, the OPM briefly delayed offering credit monitoring and identity protection to affected employees after they discovered hackers had duplicated the messages and were sending out phishing emails almost identical to the real emails. The initial messages from from OPM's identity protection contractor contained an embedded link, which was changed in the phishing emails to go to an unsecured data-entry page. It was unclear how many people might have given up their information.

The CyBorg is destroyed

Decades ago, before the SF-86, I had to fill out the DD391 for my security clearance...I wonder what the status of that is. :o
Exiled from GLR-MI-011

raivo

On the "positive" (CAP-wise) side, I doubt the people who heisted that information did it for taking out fraudulent mortgages... and now you have free credit monitoring! :D

CAP Member, 2000-20??
USAF Officer, 2009-2018
Recipient of a Mitchell Award Of Irrelevant Number

"No combat-ready unit has ever passed inspection. No inspection-ready unit has ever survived combat."