The government is still working on notifying people whose personal information was compromised in a massive Office of Personnel Management data breach. The OPM announced the breach back in June of this year, noting that hackers had targeted background check records archived by the office. (The OPM is in charge of running background investigations of government personnel.) All told, a reported 21.5 million peopled were affected by the breach in some regard. 19.7 million of them were individuals who had applied for background checks through the OPM since 2000. The others were spouses or family members whose personal information had been requested on the OPM forms.
The scope of the breach, which led to the exposure of Social Security Numbers, dates and places of birth, current addresses, fingerprints, and more, has already been a major controversy for the OPM and the government in general. In the wake of the hack, OPM Director Katherine Archuleta resigned from her post, following calls from lawmakers to do so. The OPM has also been criticized for not properly encrypting and securing its data, especially sensitive information regarding government personnel or former employees and applicants.
Now, the controversy is bound to explode yet again. On October 1st, Acting OPM Director Beth Cobert published a blog post stating that the agency would notify, via U.S. Postal Service, those whose information had been stolen or compromised in the cyber-attack. Fast-forward more than two months later, though, and the government has still not finished the process of notifying all of the people who had their information compromised in the June breach. Granted, sending notifications, via mail, to 21 million people is a daunting task. Still, people have a right to know whether or not their information was stolen, and the OPM hasn't shown sufficient hustle in getting the job done here.
According to the Washington Post, the government also isn't sure how to verify that people have actually received their notifications. Part of the problem of using the Postal Service for this job is that the OPM has outdated addresses for a lot of the past government employees or unhired applicants who were affected by the breach. Other notifications, the Washington Post article says, may have gotten lost in the mail.
Luckily, there's a new way for people to determine whether or not their background check information with the OPM was exposed in the hack. On Tuesday, December 1st, the government introduced a website where past and present government personnel, spouses, and one-time applicants can go to check their status. By entering their names, addresses, and several other pieces of information (including, somewhat ironically, their Social Security Numbers), people can get immediate answers as to whether or not they were among the 21.5 million people compromised in the breach.