CHARLESTON, W.Va. — Attorney General Patrick Morrisey is urging West Virginia residents to monitor their personal accounts and credit reports after the federal Office of Personnel Management admitted a data breach of its systems was much larger than originally reported.
The federal agency reported Thursday that nearly 22 million people, including current and former federal employees, as well as individuals and family members of those who have undergone federal background checks, may have had their personal information stolen by hackers.
“The size and scope of this data breach is staggering,” Morrisey said. “What is even more disturbing is the amount of time it has taken the Administration to fully divulge the scope of this breach.”
Last month, the Office of Personnel Management announced that personnel data for about 4.2 million current and former federal employees had been stolen. The agency now admits it was aware of this fact in April. On Thursday, the agency expanded its original number, admitting personal data for roughly 21.5 million people involved in federal background investigations had been compromised.
“West Virginians rightfully deserve to know if their personal information is protected, and I’m extremely disappointed it has taken officials this long to properly acknowledge who has been affected by this breach,” Morrisey said.
Among the current and former federal employees that were affected, the information that was stolen may include a person’s full name, birth date, home address and Social Security number, the agency said. According to Workforce West Virginia, approximately 22,800 people currently work for the federal government in West Virginia. The individuals involved in this portion of the breach should have already been contacted by the federal government.
According to the information released Thursday, background investigation records of current, former and prospective Federal employees and contractors were also compromised. That includes records of 19.7 million individuals who applied for background investigations and 1.8 million non-applicants, primarily the spouses or co-habitants of applicants. Many of the original 4.2 million affected current and former employees were included in this group. However, the agency has not yet begun the process of notifying the additional individuals affected by this portion of the breach.
The agency said the information hackers may have gained from these records could include Social Security numbers, fingerprint data, residency and educational history, employment history, information about immediate family and personal and business acquaintances, health and financial history, findings from interviews conducted by background investigators and the usernames and passwords used to fill out online forms.
The Office of Personnel Management is offering those employees affected by the breach free credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution.
The Attorney General’s Office is offering few basic tips for consumers to protect their information and identities including:
— Monitor your bank account and credit card statements to detect unauthorized charges.
— Check your credit report for new accounts or creditors you do not recognize. All consumers are entitled to a free annual credit report from each of the three major credit bureaus: Equifax, Experian, and Transunion.
— Place a fraud alert on your credit report. These free alerts last for 90 days and make it more difficult for a person to open up a line of credit in your name.
— Participate in the free credit monitoring offered by OPM.
“I strongly encourage anyone who has ever worked for or applied for a job with the federal government to be vigilant in monitoring their bank accounts and credit reports in the coming months,” Morrisey said. “I also promise that my Office will work to hold the federal government accountable and make sure the Administration takes all necessary steps to protect individuals affected by this breach.”
Earlier this week, Morrisey joined a bipartisan, national coalition of state Attorneys General to urge federal lawmakers against pre-empting state authority when it comes to data breaches and data security laws.
“I think the federal government’s reaction to this situation is a cautionary tale that demonstrates why states should be able to take the lead in protecting our citizens’ personal data,” Morrisey said. “We have good laws and resources in place at the state level to protect and notify citizens when data breaches occur. It’s clear that now is not the time to give that authority over to a federal government that can’t even protect its own data.”
For information on preventing identity theft or to report suspicious activity, contact the West Virginia Attorney General’s Consumer Protection Division at 800-368-8808 or the Eastern Panhandle field office in Martinsburg at 304-267-0239. To file a consumer complaint online, go to www.wvago.gov.