30 Nov

I am an OPM Data Breach Victim- Next Steps

Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach.

OPM.jpg - Picasa Photo Viewer

To add insult to injury, I was never actually a federal government employee. A few years ago, I consulted on a few enterprise systems migrations and implementations for The Federal Reserve Bank and Fannie Mae, and part of the vetting process involved divulging every detail of my life less a DNA sample.

The letter was gut wrenching, stating that not only had my social security number been lost, but also all information gathered pertaining to my family, full residential and employment history, place of birth and birthday, and my finger prints.

So what now? The federal government offered me three years of free tax payer funded credit monitoring service, which is the equivalent of an anti-malware solution that only alerts you after the bad guys have corrupted your databases and ran away with all your data!

The Only Effective Response to a Data Breach- The Credit Freeze

It turns out, the only effective response available in the event of a data breach, and the only way to prevent economic identity theft, is to “Freeze” your credit. As I stated above, monitoring services serve as a weak detective control at best, and what all security conscious individuals are really interested in is prevention!

What is a Credit Freeze?

Think of a credit freeze as applying a default “Deny All” rule to a firewall. All pre-existing lines of credit (or rules to continue with the firewall analogy) continue to operate as agreed upon between the creditor and debtor, but any further requests outside the pre-existing rule set are blocked by default!

The problem with a credit freeze is that you must pay each of the three bureaus for the pleasure of doing so. The costs vary by state (ranging from $3 in Georgia to $10 in California for each bureau) and some bureaus make it harder than others to Freeze and Thaw your credit. Equifax and Transunion have a fairly painless online process, but I’ve had serious issues with Experian in the past.

Further, each bureau issues you a special PIN number that is required to Thaw and Re-Freeze your accounts. They send you these PINs in the mail and resetting it if lost is extremely difficult, so I suggest you store it digitally in a password manager and the paper copy in a locked fire safe in your home.

How to Freeze/Thaw your Credit

I have scoured the internet for the perfect guide to Freezing and Thawing your credit across all three credit bureaus and found that consumer advocate Clark Howard (a fellow metro-Atlantan) has the best guide, which is updated regularly as rules and regulations change.

I encourage you to check out the guide and start the process of freezing your credit:

http://www.clarkhoward.com/credit-freeze-and-thaw-guide

Leave a Reply