Your Social Security Number... was included in the intrusion

By Will Angley
15 Oct 2016

It’s official: my background investigation files were stolen from the U.S. government last year in a “malicious cyber intrusion.”

I learned that I had likely lost personal information from the media in July 2015, but didn’t receive a corresponding notification from OPM. After reading a sharply critical report from the House Committee on Oversight, I filed a request for the Government to determine if I was affected in September this year1.

A few weeks later, in early October, I received a letter confirming I was affected in the mail. I’ve transcribed it online here, minus the PIN code2.

The lede, “we have determined that your Social Security Number and other personal information was included in the intrusion,” buried in the second paragraph basically says it all.

“Included.”

I’ve lived a simple life, didn’t sit for an interview with investigators, and was very early in my career when I filled out my last background check. I can reasonably hope that payments fraud is the worst I will face from this.

But many of my colleagues from the government had more to give up for their background checks, and have been and will be hurt far more by the information lost, and in ways that the offered identity theft protection is no defense against.

  1. The site used to do this is called the Verification Center. It looks depressingly like a phishing page slapped together on Google Forms, but is actually a legitimate government website. 

  2. Publishing that would probably be one of the few ways I could possibly make this incident worse for myself than it already is.