WASHINGTON 鈥 The federal government confirms more than 21 million people were affected by the massive federal Office of Personnel Management breach, which included stolen Social Security numbers and health and financial information. But the hackers responsible also could target people who are not affiliated with the government.
Victims of the attack can take advantage of services to protect themselves from fraud. Current, former and prospective federal employees, contractors and their spouses and children whose information was hacked are eligible for OPM鈥檚 free credit and identity-theft monitoring service for at least three years.
OPM also plans to develop a proposal for the same service for all federal employees, even if they are not affected by this breach.
But Ken Colburn, of the Data Doctors, says identity theft isn鈥檛 what the hackers are after.
鈥淭hey鈥檙e more interested in recruiting spies or blackmailing employees or finding out who key government employees are and using this information in much more nefarious ways.鈥
Phishing scams 鈥 fraudulent emails that trick you into giving up private information, sometimes for blackmail 鈥 are one way the information could be used.
OPM is notifying people who are affected by the breach, but even those emails must be handled very carefully.
鈥淥PM has already announced to all the hackers out there exactly what this email is supposed to look like. So it鈥檚 a double-edged sword for them to try to alert everybody to watch for this email. But what they鈥檝e done is made it really easy for people who want to create really sophisticated phishing scams. … So spoofing or making it look like the official OPM email is going to be very easy to do.鈥
Colburn says emails should be treated as guilty until proven innocent, even if you do not have any affiliation with the government.
鈥淪omebody that actually wasn鈥檛 a part of this breach may get one of these convincing emails.鈥
Information about the attack can be found on OPM鈥檚 .
If you are a victim of a phishing scam, you need to .
