The government launched a new resource on Dec. 1 that allows people to verify if they are one of the 21.5 million individuals affected by the massive Office of Personnel Management cyber hack.
People who believe their background investigation data was stolen but have not yet received a notification letter from OPM can check whether they were affected. Victims can use one of two methods: they can check their status using the OPM verification website or by calling 866-408-4555 Monday through Friday between 9 a.m. and 9 p.m., EST, to speak to an agent.
“Whether you enter your information through the verification center website or provide it to the call center agent, you will be asked to provide your name, address, Social Security number, and date of birth,” according to OPM’s website. “This information will be used to determine whether you were impacted by the cyber intrusion involving background investigation records.”
But don’t expect an immediate response. It will be about two to four weeks before you receive a letter via the U.S. Postal Service that either confirms you were impacted and therefore includes a PIN number to enroll in credit monitoring services, or makes clear that you were not impacted.
If you tried using the website in the first few days following the launch, you may have experienced issues with the webpage not loading. OPM Press Secretary Samuel Schumach said a federal government network routing issue was to blame, adding that the issue was resolved on Dec. 3 with "no subsequently reported outages." Although OPM has taken the lead on notifying affected individuals, the Department of Defense hosts the verification website.
"The government continues to monitor the site to ensure individuals who feel they may have been impacted but have not received a letter may request verification services," Schumach said. "Individuals that may be experiencing issues now or in the future should send an email to [email protected]."
So far, only 1.2 million people have signed up for the free credit monitoring and identity protections services provided by the government. (You can read more about that registration process here.)
“We want to make sure that all those impacted are notified and have the opportunity to take advantage of these services,” OPM Director Beth Cobert said in a Dec. 1 blog post. “So I urge anyone who has not received a letter by the middle of this month and who believes his or her data may have been taken, to reach out to the verification center so we can confirm your correct address and send you a letter.”
Cobert noted that the notification process is still underway
As of Dec. 2, roughly 18.5 million letters had been mailed, according to Schumach. He added that OPM’s most recent percentage of returned mail is about 4 percent, noting that 2 to 3 percent is normal for a mailing of this size, based on USPS standards.
“We are sending out about 800,000 notification letters each day and we are on schedule to finish the mailing in the next two weeks,” Cobert said. “If you do not receive a letter by the middle of December, either the government could not identify a valid address for you after using both government and commercial data sources, or our records indicated that your Social Security Number was not compromised in the intrusion.”
To stay current on the most recent information from OPM, sign up for the agency’s email updates here.